For those paranoid ones the server should support adding PGP signatures alongside keys loaded in via the config file.
This can be used if either you don't fully trust https (as it's not in your control) or you want to run plain http but still not be susceptible to a man in the middle attack.
Later the CLI application (#24) can likely help you generate signatures for each of the keys in the config file. But for now it's fine to be manual.
For those paranoid ones the server should support adding PGP signatures alongside keys loaded in via the config file.
This can be used if either you don't fully trust https (as it's not in your control) or you want to run plain http but still not be susceptible to a man in the middle attack.
Later the CLI application (#24) can likely help you generate signatures for each of the keys in the config file. But for now it's fine to be manual.