Implement source archive verification (hash sum and PGP keys) for boulder
Additional (desirable) compliance features:
-
Add patterns for moss-fetcher to try to automagically fetch and verify: -
.sha256sum (etc.) entries (show a message if no patterns succeeded?) -
.asc (PGP) entries (bail if can't verify?)
-