If you're signing Manifests and wonder how to use a stronger hash than SHA-1, here's a nice ~/.gnupg/gpg.conf snippet:
enable-dsa2
personal-digest-preferences SHA512,SHA256,SHA1
This is a modified version of Justin's snippet.
By the way, since my last signing-related post in March, the number of signed Manifests has increased, and about 56% of Manifests are now signed. Here are the commands I used to count the total number of Manifests and the signed ones:
find /usr/portage -maxdepth 3 -name Manifest | wc -l
find /usr/portage -maxdepth 3 -name Manifest -exec grep -l 'BEGIN PGP SIGNATURE' {} + | wc -l
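The two counts above can be combined into a percentage, and the `Hash:` armor header of each clearsigned Manifest shows which digest was actually used, which is a quick way to check that the gpg.conf change took effect. This script is an added example, not from the original post; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# manifest_hash FILE: print the clearsign "Hash:" armor header value, "none" if
# the file is signed without that header, or "unsigned" if it has no signature.
manifest_hash() {
    if ! grep -q 'BEGIN PGP SIGNATURE' "$1"; then
        echo unsigned
        return
    fi
    # Armor headers sit between the BEGIN line and the first blank line.
    h=$(awk '/^-----BEGIN PGP SIGNED MESSAGE-----/ { inhdr = 1; next }
             inhdr && /^Hash:/ { sub(/^Hash:[ \t]*/, ""); print; exit }
             inhdr && /^[ \t\r]*$/ { exit }' "$1")
    echo "${h:-none}"
}

# tally_hashes TREE: one "count digest" line per distinct result.
tally_hashes() {
    find "$1" -maxdepth 3 -name Manifest | while IFS= read -r f; do
        manifest_hash "$f"
    done | sort | uniq -c | awk '{ $1 = $1; print }'
}

# signed_percent TREE: integer percentage of Manifests carrying a signature.
signed_percent() {
    total=$(find "$1" -maxdepth 3 -name Manifest | wc -l)
    signed=$(find "$1" -maxdepth 3 -name Manifest \
        -exec grep -l 'BEGIN PGP SIGNATURE' {} + | wc -l)
    if [ "$total" -eq 0 ]; then echo 0; else echo $((signed * 100 / total)); fi
}

# make_sample_tree DIR: constructed sample data laid out as category/package/Manifest.
make_sample_tree() {
    n=0
    for alg in SHA1 SHA512 SHA512 unsigned; do
        n=$((n + 1)); d="$1/app-misc/pkg$n"; mkdir -p "$d"
        if [ "$alg" = unsigned ]; then
            echo 'DIST pkg.tar.gz 1 SHA256 00' > "$d/Manifest"
        else
            printf '%s\n' '-----BEGIN PGP SIGNED MESSAGE-----' "Hash: $alg" '' \
                'DIST pkg.tar.gz 1 SHA256 00' '-----BEGIN PGP SIGNATURE-----' \
                '(constructed placeholder, not a real signature)' \
                '-----END PGP SIGNATURE-----' > "$d/Manifest"
        fi
    done
}

demo=$(mktemp -d)
make_sample_tree "$demo"
echo "signed: $(signed_percent "$demo")%"
tally_hashes "$demo"
rm -rf "$demo"
```

To run it against a real tree, call `signed_percent /usr/portage` and `tally_hashes /usr/portage` instead of the demo lines at the bottom.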