Package signing in Gentoo
Ebuild files are signed in Gentoo. In the development repository, every commit is signed by the developer who made it, so every file in the repository is covered by a signature. For distribution to users, both git and rsync are supported. With git, the developers' commit signatures are combined with automated signatures on merge commits; because a merge commit is always at the top of the history, verifying that single commit is sufficient. With rsync, a nested tree of Manifest files records checksums of every file in the repository, and the top-level Manifest carries an OpenPGP cleartext signature.
- GLEP 66: Gentoo Git Workflow / OpenPGP signatures
- GLEP 74: Full-tree verification using Manifest files
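As an added example (not code from Gentoo, gemato or the GLEPs), the following Python walks a constructed two-level Manifest tree in the GLEP 74 layout: it checks each listed file's size and BLAKE2B/SHA512 digests, descends only into sub-Manifests that themselves verified, and flags files present in the tree but listed nowhere. The OpenPGP signature on the top Manifest is assumed to have been checked separately (gpg --verify or gemato); signed_body merely strips the cleartext armour afterwards, and IGNORE/DIST entries are skipped rather than handled.

```python
import hashlib
HASHES = {"BLAKE2B": hashlib.blake2b, "SHA512": hashlib.sha512}  # GLEP 74 digests

def manifest_entry(kind, path, data):
    """One GLEP 74 line: TYPE path size HASHNAME hex [HASHNAME hex ...]."""
    digests = [x for n, a in HASHES.items() for x in (n, a(data).hexdigest())]
    return " ".join([kind, path, str(len(data))] + digests)

def signed_body(text):
    """Entries of a cleartext-signed top Manifest; use only after gpg/gemato verified it."""
    _, armored, rest = text.partition("-----BEGIN PGP SIGNED MESSAGE-----\n")
    return rest.split("\n\n", 1)[1].split("-----BEGIN PGP SIGNATURE-----")[0] if armored else text

def verify_tree(files, top="Manifest"):
    """Walk nested Manifests from `top` over `files` (path -> bytes); return problems."""
    errors, covered = [], {top}
    def walk(manifest_path):
        base = manifest_path[:manifest_path.rfind("/") + 1]  # "" at the repository root
        for line in signed_body(files[manifest_path].decode()).splitlines():
            f = line.split()
            if not f or f[0] in ("IGNORE", "DIST"):  # no in-tree file to check
                continue
            kind, path, size = f[0], base + f[1], int(f[2])
            covered.add(path)
            data = files.get(path)
            if data is None:
                errors.append(f"missing: {path}")
                continue
            bad = [f"size mismatch: {path}"] if len(data) != size else []
            bad += [f"{n} mismatch: {path}" for n, h in zip(f[3::2], f[4::2])
                    if HASHES[n](data).hexdigest() != h]
            errors.extend(bad)
            if kind == "MANIFEST" and not bad:  # descend only into a sub-Manifest that verified
                walk(path)
    walk(top)
    errors += [f"unlisted: {p}" for p in sorted(set(files) - covered)]  # full-tree rule
    return errors

def build_sample_tree():
    """Constructed tree: Manifest -> app-foo/Manifest -> package files."""
    files = {"app-foo/bar/bar-1.0.ebuild": b"EAPI=8\n",
             "app-foo/bar/metadata.xml": b"<pkgmetadata/>\n"}
    sub = [manifest_entry(k, p, files["app-foo/" + p]) for k, p in
           [("EBUILD", "bar/bar-1.0.ebuild"), ("MISC", "bar/metadata.xml")]]
    files["app-foo/Manifest"] = ("\n".join(sub) + "\n").encode()
    top = manifest_entry("MANIFEST", "app-foo/Manifest", files["app-foo/Manifest"])
    files["Manifest"] = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n" + top
                         + "\n-----BEGIN PGP SIGNATURE-----\n(placeholder)\n").encode()
    return files
```

A same-length edit to an ebuild changes only the digests, a modified sub-Manifest stops the descent so everything below it surfaces as unlisted, and an extra file dropped into the tree is rejected even though nothing it is listed in was touched.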