Following on from the earlier autoupdates thread and future plans for verifying signed packages during download, is there any mechanism possible by which a package could be hash checked locally on startup ? i.e. to check that the package's hash value against an encrypted value of the hash key in an encryted key table maintained by xpinstall. Needless to say the aim is to prevent tampering at the workstation ...
