Hi, It currently seems impossible to verify downloads from a computer without OpenBSD, for a few reasons:
1. No securely-distributed public key 2. Lack of signify packages in e.g. Linux distros, or securely-distributed sources To keep things simple, I propose mirrorring SHA256SUM files onto the main website and making them available over HTTPS. This allows new users to easily verify images. Any chance this could get fixed? Regards, Eduard