Re: verifying PGP signed package-index files

I've got this working, but I'm wondering if we really need it or not. I mean, as far as I can tell, this part of the XEmacs Package System has never worked, and it was introduced in 1998. Obviously it was never seen as important enough to do anything about. Do the package-index files need to be PGP signed? Does anyone know what the reasoning was behind the idea in the first place? Another thing that concerns me is that if I apply the patch to fix the PGP stuff and then start signing the package-index files it'll bugger up any XEmacsen that is pre-PGP-patch. So, what would you like me to do; fix the PGP code and tell everyone to stop whining and upgrade, or get rid of the PGP code in the package tools altogether?