Hi,
The tazpkg scripts download files from the (main) mirror and verify them using md5 method. This is very traditional and I think the packages can be easily modified by 3rd parties.
Is there any feature / plan to support more secure signature and verification methods? (Using GPG for example)
Thanks
