#capjamesgSo the workflow is: developer makes release, release is added to an index file with the hash of the file, the index file is signed, I grab the index, checking its integrity using a public key, then I choose what file to download based on the version I want etc.