infrastructure request: signed releases

[BrainDamage]

It'd be nice if the release tarballs were pgp/gpg signed so that their authenticity and integrity could be verified independently of the host

bonus points if you could sign the release commits too, so the same could be applied to the git repository

[rapier1]

Hey, sorry I haven't replied earlier. I'm working on this. The RPMS and debs are signed. I should get everything else signed soon.