Hi Frederick, Mark, I have a concern wrt the author signature. It seems that both the author signature and the distributor signature need to sign every file in the package. Does this mean that, to verify a package, you would need to effectively verify everything in the package twice? or is verification of the author signature optional?
Kind regards, Marcos -- Marcos Caceres http://datadriven.com.au
