I checked <http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=5> and the Handbook only mentions validating MD5 checksums.
There are two possible issues:

1. Why are we using _only_ MD5 and SHA1 as the checksums? Shouldn't we be using something stronger?
2. I noticed the checksums are signed (.asc files). With what key are they signed? How is that key handled, and how to ensure people use the right key when verifying the signature?

Paweł
