## Request Releases publish `checksums.txt` (goreleaser), and #647 makes `install-cli.sh` verify the archive against it. But `checksums.txt` is fetched from the same release over the same HTTPS as the artifact, so it provides integrity, not protection against a compromised release host. Signing `checksums.txt` with cosign keyless (sigstore) gives a real, out-of-band trust anchor. ## Proposed changes (producer side) **`.goreleaser.yaml`** — add a signs block: ```yaml signs: - cmd: cosign artifacts: checksum signature: "${artifact}.sig" certificate: "${artifact}.pem" args: ["sign-blob","--output-signature=${signature}","--output-certificate=${certificate}","${artifact}","--yes"] output: true ``` **`.github/workflows/release.yaml`** — add `id-token: write` to `permissions` (currently `contents: write`) and install cosign before goreleaser: ```yaml - uses: sigstore/cosign-installer@v3 ``` This uploads `checksums.txt.sig` + `checksums.txt.pem` to each release. Keyless signing ties the signature to this repo's GitHub Actions OIDC identity. ## Consumer side `cosign` isn't preinstalled on most machines, so the `curl | bash` installer can't hard-require it. Suggested: `install-cli.sh` does an *optional* `cosign verify-blob` (pinning `--certificate-oidc-issuer https://token.actions.githubusercontent.com` and a `--certificate-identity-regexp` for this repo's release workflow) when cosign is present, falling back to the checksum check otherwise. Security-conscious users / CI can verify explicitly. ## Notes The signing change only runs in the release workflow on a tag, so it needs to be validated by an actual release. Happy to open a PR with the goreleaser + workflow diff and the optional install-script verify path if this is something you'd like to adopt.