A few questions: 1. Signify currently produces a build warning about an implicit declaration of function 'getentropy.' Am I missing something? Surely the crux fork is not the only portable fork of signify - what are we doing in ours that's special and requires a custom fork? 2. I think I feel a little strange about the inability to navigate the web of trust using signify keys. With this model, there is a master private key that is shared by all with repo commit access or administrative access to the crux server. This is a liability in that now there are many people who could potentially mishandle the key. With standard PGP keys, devs need only be responsible for their own keys, and we could generate a web of trust by which users can be sure that their packages were actually signed by a trusted dev. A single compromised developer key doesn't automatically compromise every single package in a repo with multiple committers. With signify, it seems like the user can be sure that their packages were signed by whoever controls the crux server, but that may not necessarily be a friendly individual. 3. There is no key revocation support - what happens if the repo key is compromised? 4. How might 3rd-party repos set up signed packages for themselves? Would it just be a matter of figuring out how to distribute their repo's pubkey? How can they reliably rotate the keys, if they can't get their keys into the core port? I think at the moment I like the idea of git signed commits a little better, but it would require ports to be distributed via git rather than rsync. Perhaps I just don't fully understand the signify model yet. rmull