I suspected/hoped this was one reason for the new pkg ;-)
I'm *100% in support of this* and will help as much as I can. I can
see if my org (Rapid7) would be willing to be a trusted peer (given my
position it's probably more like "we will be doing this" vs an ask).
Sonatype may also be willing to be

I would like to propose adding experimental support for including a
PGP signature in R source packages. This would make it possible to
verify the identity of the package author and integrity of the package
sources.

There are two ways to implement this. Assuming GnuPG is on the PATH,
the CMD build