On Sun, May 17, 2015 at 11:52:19PM +0100, Raf Czlonka wrote:
> There are several things which this script does not check for - some of
> those are on my TODO list:

I didn't review your script, but I did ctrl+s... TODO item #0 should be to use signify with SHA256.sig rather than checking SHA256 directly. There's an example in the man page. :)

SHA-256 checks if the files were downloaded properly, but it does not check if the files are from us. signify with SHA256.sig provides both integrity and authentication.
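
An added example, not part of the original message or the signify man page: a POSIX shell wrapper that verifies downloaded files against the signed SHA256.sig and fails closed instead of falling back to a bare checksum. The function name, argument layout and return codes are assumptions of this example; the caller supplies the path to a public key obtained from a trusted source.

```shell
#!/bin/sh
# verify_sets PUBKEY DIR FILE...
#   PUBKEY  signify public key from a trusted source (path chosen by the caller)
#   DIR     directory holding SHA256.sig and the downloaded files
# Return codes (chosen for this example):
#   0 verified, 2 bad usage or missing input,
#   3 signify not installed, 4 signature or checksum failure
verify_sets() {
    [ "$#" -ge 3 ] || { echo "usage: verify_sets pubkey dir file..." >&2; return 2; }
    pubkey=$1; dir=$2; shift 2

    # Make the key path absolute, because the check runs from inside DIR.
    case $pubkey in /*) ;; *) pubkey=$PWD/$pubkey ;; esac

    [ -r "$pubkey" ] || { echo "missing public key: $pubkey" >&2; return 2; }
    [ -r "$dir/SHA256.sig" ] || { echo "missing $dir/SHA256.sig" >&2; return 2; }
    for f in "$@"; do
        [ -f "$dir/$f" ] || { echo "missing file: $dir/$f" >&2; return 2; }
    done

    # Some Linux distributions package the tool as signify-openbsd.
    if command -v signify-openbsd >/dev/null 2>&1; then
        signify_bin=signify-openbsd
    elif command -v signify >/dev/null 2>&1; then
        signify_bin=signify
    else
        echo "signify not found; refusing to fall back to a bare SHA256 check" >&2
        return 3
    fi

    # -C first verifies the signature on the checksum list with PUBKEY, then
    # checks the named files against the checksums in that signed list.
    ( cd "$dir" && "$signify_bin" -C -p "$pubkey" -x SHA256.sig "$@" ) || return 4
    return 0
}
```

A download script would call `verify_sets` once after fetching and stop on any non-zero return, so a mirror that replaces both the files and a plain SHA256 list is still rejected.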

