Hi, I suspect this applies to other boards, too.
I was surprised to discover there were no signed hashes available alongside the system image releases.
It would be of benefit to users, and is crucial in a security context, to provide PGP-signed hashes of release images.
This is both because there have frequently been TLS infrastructure breaches, and also because it is labor-intensive and requires network access to verify an image that is only authenticated via TLS.
There is md5 inside the archive with the image.