Ralph Giles wrote: > To be clear, we could have jenkins sign a binary after building, but > this isn't as strong and assertion as Jean-Marc's signed git tags, for > example. Yes, but those only sign the source. All the previous releases also have a SHA1 hash in http://svn.xiph.org/releases/opus/, but that still doesn't say anything about the binaries.