security: git tag v0.3.2 not verified, plus unverified git commits

[neuhaus]

The tag v0.3.2 is not marked verified on github.

Also there are still commits to the repository that are not verified commits (the last one was 3 hours ago).

You are hopefully aware of the BadgerDAO frontend hack. The best protection against these hacks are digital signatures. The client software must be signed and ideally there are digital certificates for both the servers and the clients.

Web clients offer a huge attack surface. You really have to do as much as you can to minimize the risk.