Missing shasums and file signatures to verify downloads?

[Emily7777]

Where are the download SHASUMS and file signatures published?

I'm sure you can imagine that we can't really trust the download with a crypto wallet until we can verify it wasn't changed.

Please advise.

[hoffmabc]

Here is the SHA file. https://github.com/OpenBazaar/openbazaar-desktop/releases/download/v2.3.8/SHA256SUMS.v2.3.8.asc

Here are verification instructions if you want to use the scripts. https://github.com/OpenBazaar/openbazaar-desktop/tree/master/verify