Comment 23 for bug 638384

I'm just reading this from the bottom up now... The last suggestion from James could be just something like this: http://paste.ubuntu.com/590764/ with some checks along the way.

Could that be a part of the "testdrive" script?

I think this covers the last point from lool:
> * provide a tool which downloads and verifies Linaro images (for instance, shell script or pygtk UI)

but not these:
> * add the GPG key of the current Offspring instance to linaro-image-tools
> * change linaro-media-create to verify rootfs.asc and hwpack.asc when passed --binary rootfs --hwpack hwpack args
> * change linaro-hwpack-create to include PPA keys when the hwpack includes PPAs and linaro-hwpack-install to install them and setup the corresponding PPAs when the hwpack includes keys and PPAs

Would these still be needed even with the "outside" signing with the sha1sums files?