$ FEATURES="sign" repoman commit
(enter ssh passphrase)
(enter gpg passphrase)
*signing*
(cancel commit before entering ssh passphrase again)
$ FEATURES="sign" repoman commit
(enter ssh passphrase)
(enter gpg passphrase)
*signing*
(enter ssh passphrase again)
*committing*

And there, you just double-signed the Manifest. This just happened to me with the package gpe-base/libgpewidget (look at it for an example). It would probably not happen if I was using an ssh-agent though.
The Manifest.write() method avoids unnecessary writes by parsing the existing Manifest and comparing the entries to the data that would be written. This is good since we can call Manifest.write() and trust that it won't do unnecessary writes and also that it won't unnecessarily discard an existing signature. What we need is an additional mode for repoman to use during commits, that will discard the existing signature when we are planning to generate a new signature.
This should be fixed now: http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=916df01c378dc4a04961effdc209dab791d3e53f
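The write-skipping behaviour and the "discard the existing signature" mode discussed in the second comment, as an added Python sketch that is not Portage's code and not the linked fix. It assumes the double signature consists of nested clearsign layers (the inner armor lines dash-escaped, as gpg --clearsign does to an already signed file); unwrap, plan_write, the resign flag, clearsign_stub and the sample entries are hypothetical names and constructed data.

```python
"""Added example: signature-aware Manifest rewrite logic (not Portage code)."""

BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
SIG_END = "-----END PGP SIGNATURE-----"


def unwrap(text):
    """Peel clearsign layers; return (entry_lines, number_of_layers)."""
    lines, layers = text.splitlines(), 0
    while lines and lines[0] == BEGIN:
        layers += 1
        body = lines.index("") + 1          # armor headers end at first blank line
        sig = len(lines) - 1 - lines[::-1].index(SIG_BEGIN)  # outermost signature
        # Undo dash-escaping, which hides an inner layer's armor lines.
        lines = [l[2:] if l.startswith("- ") else l for l in lines[body:sig]]
    return [l for l in lines if l], layers


def plan_write(existing, new_entries, resign=False):
    """Return the text to write, or None when the file should be left alone."""
    old_entries, layers = unwrap(existing)
    unchanged = sorted(old_entries) == sorted(new_entries)
    if unchanged and not resign and layers <= 1:
        return None                          # keep the file and its signature
    # Hypothetical "resign" mode: emit bare entries so the signer adds one layer.
    return "\n".join(sorted(new_entries)) + "\n"


def clearsign_stub(text):
    """Constructed stand-in for gpg --clearsign (no real cryptography)."""
    body = "\n".join("- " + l if l.startswith("-") else l for l in text.splitlines())
    return "\n".join([BEGIN, "Hash: SHA256", "", body, SIG_BEGIN, "", "c2lnbmF0dXJl", SIG_END, ""])


# Constructed sample entries, not taken from any real package.
ENTRIES = ["DIST example-1.0.tar.gz 1024 SHA256 00aa", "EBUILD example-1.0.ebuild 512 SHA256 11bb"]
once = clearsign_stub("\n".join(ENTRIES) + "\n")
twice = clearsign_stub(once)                 # the double-signed state from the report

if __name__ == "__main__":
    print(unwrap(once)[1], unwrap(twice)[1])
    print(plan_write(once, ENTRIES), repr(plan_write(twice, ENTRIES)))
```

A layer count above 1 from unwrap() is also a cheap pre-commit check for the double-signed state before the Manifest reaches the tree.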