>>>>> On Tue, 06 Oct 2020, Frédéric Pierret wrote:

>> We've already discussed it in #-qa, and I still think that this is
>> over-engineered. Users can validate the distfile by the Manifest and
>> its signature, so exposing the feature to users is redundant.

> IMHO, manifest verification and distfile verification are two separate
> things. Before you validate and sign the Manifest, you need to fetch
> (new) source and to verify it. This is not redundant at all.

The eclass adds a second method of distfile verification on the user's
side. So unless the feature is intended to replace digest verification
in the long term (which I hope it isn't), it is redundant for users.

It may be fine as an opt-in feature for developers, but I believe that
enabling it by default for all users is wrong.

Ulrich