On Jan 3, 2020 8:21 AM, Justin Sherrill <[email protected]> wrote: > > On Fri, Jan 3, 2020 at 4:51 AM Michael Neumann <[email protected]> wrote: > > > Given that your private key stays secured this adds another layer of > > security. Right now, even using SHA256 checksums would be no more secure > > in case you download the checksum file (md5.txt or sha256.txt) from the > > same mirror server as the file itself. > > > > If you need help setting this up, please let me know. > > This is a good idea, and a very helpful writeup. I'm low on time (as > is everyone, always) but I'm not working this weekend - let me see how > far I get.
Don't forget to post the public key and the hash of the key and sign the key and arrange delivery of the key by armed escort to everyone wishing to download it to ensure security.
