The release process uses autograph to sign many artifacts with a PGP detached signature. It is technically possible to extend fx-sig-verify to also check the validity of the detached signature.
Advantages
PGP signatures cover artifacts not currently checked. E.g. MSI, macOS, & linux installers
Adds another layer
Disadvantages
added complexity, as verification requires both files to be available
The release process uses autograph to sign many artifacts with a PGP detached signature. It is technically possible to extend fx-sig-verify to also check the validity of the detached signature.
Advantages
Disadvantages