As the live cd is probably the first thing a new chimera user is going to download, it might be a good idea to sign the sha256sums.txt file.
It will increase confidence a bit.
If anybody ever tampered with sha256sums.txt and the live cd files, the signature verification would fail.
Also, a related question, is chimera using apk package / repository metadata signing ?
P.S. I didn't know which project I should have added this feature request. Let me know where I should direct my Chimera project-in-general issues in the future if this was not the correct project. Thanks again for Chimera !
Looking at the live cd download location https://repo.chimera-linux.org/live/latest/ I notice a
sha256sums.txtfile.As the live cd is probably the first thing a new chimera user is going to download, it might be a good idea to sign the
sha256sums.txtfile.It will increase confidence a bit.
If anybody ever tampered with
sha256sums.txtand the live cd files, the signature verification would fail.Also, a related question, is chimera using apk package / repository metadata signing ?
P.S. I didn't know which project I should have added this feature request. Let me know where I should direct my Chimera project-in-general issues in the future if this was not the correct project. Thanks again for Chimera !