TBH I am not a fan of md5 checksums. sha-2 is ok, but gpg is best. But as mentioned in another thread, I’m not sure how to gpg sign packages in the CI pipeline.
1 Like
TBH I am not a fan of md5 checksums. sha-2 is ok, but gpg is best. But as mentioned in another thread, I’m not sure how to gpg sign packages in the CI pipeline.