Authenticate deployed artifacts

Description

clojure-tools artifacts are published unauthenticated, which is a security risk, especially for the linux install.

One simple approach would be to output a checksum file and sign the checksum file. I recommend not signing with openssl or pgp, and deferring to a simple tool like signify.

Environment

None

Assignee

Alex Miller

Reporter

Ghadi Shayban

Labels

Approval

None

Patch

None

Priority

Major
Configure