>>12
>>8 here, and actually I use Arch. Well, I did until I borked it a couple days ago while updating to Ext4, so now I'm using Ubuntu on a spare drive until I figure out how to fix it. (The problem is that Grub drops me down into its shell rather than loading the menu and letting me boot! I reformatted the /boot partition to Ext3 and copied the files pack, but no dice.)
You don't need to insult my "level of understanding," since I pretty clearly showed that I know what a signature is and how it's different than a hash sum, and of course I understand that they're used to validate a message's author. Sorry that I didn't know that other package managers use sigs, now I know better. And I'm sorry that I claimed that using sigs would be less open, I see now that it wouldn't necessarily be. I think that when I read about a package manager using signatures, I assumed that it would *require* signatures, rejecting unsigned ones, thereby making it difficult for a user to make their own packages; that would surely not be open, but now of course no good distro would ever do that, and I don't know why I thought any distro would.