I'm curious to know why when I went to the download page
https://alpinelinux.org/downloads/ none of the gpg signatures for any of
the isos/images were availible. I was getting 404 for all of them.
Alpine Linux 3.9.0 was released 3 days ago.
There were .asc files or RC1, but it seems RC2 to RC5 and now the final
release did not get any.
Can you please explain why this is the case? An unsigned SHA256sum and
SHA512sum isn't really all that useful for verifying authenticity.
Additionally I checked the mirror to see if there was a checksum for all
the images that was signed (like Debian does) but it seems that's not
the case either.