X
X
Would it be possible to sign releases with gpg so users can verify downloads? If not, how about releasing the corresponding checksums, preferably across multiple platforms (github, website, X)?
Would it be possible to sign download files so end users can verify integrity before installing? Possibly with something like GPG or OpenSSH? Thanks