Going forward, any builds i release will be signed with my PGP key, which you can find here.
This is to provide additional protection when it comes to distributing software, as by verifying a package’s signature, you will be able to tell if it has been modified in some way after the point at which it was signed. It should go without saying, but if a package FAILS a signature check, you SHOULD NOT run it under any circumstances.
I will not be retroactively signing packages, so any releases that don’t already have signatures won’t be getting them, as i cannot match the time they were posted to the time they were built anymore.