Gentoo-GPG is a python-based project that allows the user/developer to encrypt and sign their data and communications and ensuring integrity of distributed data in Gentoo tree (ebuilds, files and distfiles so that malleability of a distributing server isn't possible) by creating GPG keys and is used for Gentoo’s release media like installation CDs, Live DVDs and other GPG-signed documents. It will also be used by the Gentoo infrastructure for GPG-signed git commit validation, as well as, provide functions for commit authentication by developers. The Meta-Manifest brings security of distribution of Gentoo Software by providing a much less expensive way of verifiable distribution from Gentoo Infrastructure to a user system, while data is conveyed over completely untrusted networks and systems.





  • Pavlos Ratis
  • robbat2
  • Kristian Fiskerstrand
  • dol-sen