
I'd like to step back from the technical discussion here for a moment and expand a bit on a point at the end of my previous email, which is really about process. After I first uploaded a blog post about service architectures and package distribution that was a recent interest of mine, I was very surprised and happy to hear that actually several parties had not only been already thinking about these very topics but moreover already have various small prototypes lying around. This was also the case for *secure* package distribution. What puzzled me, however, is that this came in the form of multiple private messages from multiple sources sometimes referring to multiple said parties only vaguely and without identifying them. A similar story occurred when folks first started evoking package signing some years ago. Be it on robust identification of the provenance of packages, distribution packages and their metadata, more robust sandboxes or any other topic that touches upon our core infrastructure and tooling, it would be really great if people made themselves known and came forth with a) the requirements they seek to work against, b) their ideas to solve them and c) the resources they need or are themselves willing to bring to bear. It ultimately hurts the community when people repeatedly say things to the effect of, "yep, I hear you, interesting topic, I have a really cool solution to all of what you're saying - will be done Real Soon Now(tm)", or are happy to share details but only within a limited circle of cognoscenti. Because the net result is that other interested parties either unknowingly duplicate effort, or stall thinking that others are tackling the issue, sometimes for years.
I know that the IHG has been interested in more secure package distribution for a very long time now, so it's really great that Duncan and Austin have now ("finally") taken the time to write up their current plan, moreover with a discussion of how it addresses a specific threat model, and make it known to the rest of the community that they have secured partial funding from the IHG. I know there are other efforts out there, it would be great if they all came out of the woodwork. And in the future, if we could all be mindful to *publish* proposals and intents *upfront* when it comes to our shared community infrastructure and community tooling (rather than months or years later). I believe that's what is at the core of an *open* process for community developments. Ok, end of meta point, I for one am keen to dive back into the technical points that have been brought up in this thread already. :)