What was the reasoning on shipping a development version of GNUtls in
2008.1?

And...
* Seg Fev 18 2008 Guillaume Rousse <guillomovitch@(protected)
+ Revision: 171614
- new version
drop signature file from sources (missing from mirrors)

So if you can't find a signature file, and thus can't verify the origin and
integrity of a very important security library, you just drop the signature?
What is the logic on that?