Subject: Re: signed binary pkgs [was: Re: BPG call for use cases]
To: None <cjs@cynic.net>
From: Simon J. Gerraty <sjg@crufty.net>
List: tech-security
Date: 07/30/2005 21:53:30
>> Please let's just sign the whole file.
>> It's more failsafe, and not that difficult to implement, see my other 
>> posting.

>It's a PITA for users. Do we really want to stick users with the baggage

No it isn't.  My users have been doing this for years.  They add foo-signed.tgz;
it gets unpacked and contains foo.tgz and foo.tgz.sig; its +INSTALL is totally
generic - it verifies the .sig and only if it is OK, pkg_delete's foo and then
adds foo.tgz.

The trick is to not actually make foo.tgz available to users ;-)

--sjg
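The wrapper-package sequence described in the mail (verify the detached signature first; only on success pkg_delete the old package and pkg_add the real tarball), written out as a generic +INSTALL-style shell routine. This is an added example, not sjg's script or anything from the BPG project. It assumes the wrapper has already unpacked PKG.tgz and PKG.tgz.sig into a directory, that the signature is a detached RSA/SHA-256 signature checkable with openssl against a trusted public key at $PUBKEY, and it parameterises the pkg_delete/pkg_add commands (PKG_DELETE, PKG_ADD) so the ordering logic can be exercised without a real package database.

```shell
#!/bin/sh
# Generic +INSTALL logic for a "foo-signed" wrapper package (added example).
# Assumptions: $2 is the directory into which the wrapper unpacked
# $1.tgz and $1.tgz.sig; $PUBKEY is the trusted verification key installed
# out of band; PKG_DELETE/PKG_ADD default to the real pkg tools but can be
# overridden for testing.

PUBKEY=${PUBKEY:-/etc/pkg-signing.pub}   # assumed path, not from the mail
PKG_DELETE=${PKG_DELETE:-pkg_delete}
PKG_ADD=${PKG_ADD:-pkg_add}

# verify_sig TGZ SIG -> exit 0 only if SIG is a valid detached signature
# over TGZ under $PUBKEY (openssl prints "Verification Failure" otherwise).
verify_sig() {
    openssl dgst -sha256 -verify "$PUBKEY" -signature "$2" "$1" >/dev/null 2>&1
}

# signed_install PKGNAME WRAPDIR
# Fail-closed ordering: nothing is deleted or added until the signature
# over the real tarball has been checked. A missing file or a bad
# signature returns non-zero and leaves the installed package untouched.
signed_install() {
    name=$1; dir=$2
    tgz="$dir/$name.tgz"; sig="$dir/$name.tgz.sig"
    [ -f "$tgz" ] && [ -f "$sig" ] || {
        echo "missing $name.tgz or $name.tgz.sig in $dir" >&2; return 2; }
    if ! verify_sig "$tgz" "$sig"; then
        echo "signature check failed for $name.tgz; not installing" >&2
        return 1
    fi
    # Verified: replace the old package with the new one. pkg_delete may
    # legitimately fail when the package is not yet installed.
    "$PKG_DELETE" "$name" 2>/dev/null || true
    "$PKG_ADD" "$tgz"
}
```

Because the verification step runs against the tarball that is actually handed to pkg_add, and that tarball never leaves the wrapper's unpack directory, a user cannot accidentally `pkg_add foo.tgz` directly and skip the check; a tampered tarball simply fails verification and the old package stays in place.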