As alternative (!) way to verify Whonix downloads, what about signign them with codecrypt?
Post-Quantum Cryptography (PQCrypto)
Related:
Codecrypt seems to be a much smaller project so there’ll be a lot less people looking at the code.
It might not be in some distros’ repositories (it isn’t in the Arch ones) so less people can verify the downloads with it.
It looks more complicated so it’s harder for inexperienced people to use.
1 Like