Signing release assets
I think we should sign the release assets of pleroma, with at least a regular checksum(like SHA256) and probably minisign/signify for verifying the authority (let's avoid OpenPGP).
I think we should sign the release assets of pleroma, with at least a regular checksum(like SHA256) and probably minisign/signify for verifying the authority (let's avoid OpenPGP).