[Rpm-metadata] sample repository metdata xml file

[seth vidal]

> Um, designing signature trust across multiple files with Yet Another File
> is hard.

I never said anything about signature trust. I just said about posting
where signature files are located.


> The benefit is that each file will have it's own signature, and you
> won't have to muck with compression/signing in python.

why would I have to muck with it now? I'm just talking about having a
url to the gpg public key. Nothing more.

-sv