Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
x/website: link to signatures on Go releases and document how to validate #38910
On https://golang.org/dl/, there are links to each Go release, along with SHA256 checksums. However, the security of those checksums is only ensured by HTTPS. I learned recently that there are also PGP signatures for each release. So to go along with:
There is also:
It would be great to document that fact on https://golang.org/dl/, along with instructions on how to validate the signature.