There's more we can do with this, but let this sink in for a bit.

The main goal was to provide all changelogs, signed and verified,
to be resilient against phishing attacks on mirrors or MITM means.