Secure downloads

Notes from Director(s)
"The current standard for verifying downloads requires that users verify a developers GPG key, download GPG and SSH, and compute the MD5 hash of their download to make sure it isn't compromised through a MITM attack (I.e. Ubuntu, Tor, Tails). Tails even made a browser extension that has 80,000 users between Chrome and Firefox, and that's just for a single piece of software! This is a relatively niche use-case but could probably get 100k users relatively easily." - tieshun/