search for: gpg_verifi

I would like to propose adding experimental support for including a PGP signature in R source packages. This would make it possible to verify the identity of the package author and integrity of the package sources. There are two ways to implement this. Assuming GnuPG is on the PATH, the CMD build script could call: gpg --clearsign MD5 -o MD5.gpg Alternatively the 'gpg' R package

Thanks Jeroen. The R Foundation has recently formed a working group to look into package authentication. There are basically two models. One is the GPG based model you describe; the other is to use X.509 as implemented in the PKI package. It's not yet clear which way to go but we are thinking about it. Martyn On Sun, 2016-10-23 at 18:37 +0200, Jeroen Ooms wrote: > I would like to propose