Feature request. Use checksum instead of GPG verification.

[tioteath]

GPG proved itself as notoriously unreliable tool which breaks RVM installation 2 times out of 10.

It would be nice to have any alternative verification method, like SHA sum verification or whatever, which would work each time and would provide any reliable verification method with a decent security level. Currently, we have to trust to some vague GPG keys installed from unknown server in the Internet, instead of relying on HTTPS with proven authority.

[claasz]

@tioteath is so true. We use RVM for many years now, and the GPG part always gives you a hard time. You cannot automate RVM installation (e.g. via Ansible) in a reliable way, because 50% of time there's some issue with GPG.

No expert in packaging or security here, but since RVM is the only software I know requiring GPG for installation, I assume there's a better alternative.