Conex is a library to verify and attest package release integrity and authenticity through the use of cryptographic signatures.
Each author cryptographically signs a list of resources (own public key, package releases) they vouch for. The repository is a map where resource digests are the key, and the set of warrantors the value. Verification of the signature is done via verify.
0.9.2 - homepage