>>> [...nbsvtool...gnupg...]
>> [...nbsvtool...gnupg...]
> [...nbsvtool...gnupg...]

I have a suggestion which may be heretical, but seems reasonable to me:
why not sign things with GPG, PGP, nbsvtool, and whatever other forms
of sigature we think have wide enough acceptance to be worth using?
(S/MIME, maybe?)  The nbsvtool (or whatever) signatures can be checked
by the NetBSD tools, with any of them checkable by humans who want to
make sure they've got a clean distribution when they have it on some
other (non-NetBSD) machine.

The truly paranoid, of course, will check them all, which is as it
should be; as someone pointed out, having more signatures cannot make
the file itself less secure - at most they can lead to a false sense of
security, and I don't think that's a danger when providing a half-dozen
different forms of signature over the same files.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B