binary release on S3 should have signature
a gpg signature, just like debian package, with the id of the signer on your own domain. I don't trust S3 like your https website.
a gpg signature, just like debian package, with the id of the signer on your own domain. I don't trust S3 like your https website.