Currently, package feeds may be signed, but individual package files are only
verified by md5sum and/or sha256sum.
We should add a config option to enable a detached signature to be downloaded
along with each package file and verified. This provides a higher level of
security and brings us in line with what other package managers can do.
Original issue reported on code.google.com by paul.betafive on 8 May 2014 at 2:55