> It currently seems impossible to verify downloads from a computer
> without OpenBSD, for a few reasons:
> 
> 1. No securely-distributed public key
> 2. Lack of signify packages in e.g. Linux distros, or
> securely-distributed sources
> 
> To keep things simple, I propose mirrorring SHA256SUM files onto the
> main website and making them available over HTTPS. This allows new
> users to easily verify images.

I propose we keep it even simpler, and don't do what you propose.

Tired of the suggestions.

The end.

Reply via email to