docs to explain how to use signatures and digests to verify downloads

[polvi]

We had a user complain that we do not do https for image downloads (iso in particular). We do digests and signatures... so we should probably better document that for pages that refer to image downloads.

[philips]

A potential workaround we have provided in the past is to append https://commondatastorage.googleapis.com to the front of the URL.

Example:
https://commondatastorage.googleapis.com/alpha.release.core-os.net/amd64-usr/935.0.0/index.html

[philips]

Longer term we plan on moving to an object store or CDN that lets us provide HTTPS.

[pop]

Closing due to inactivity.

If you are still interested in this, please open an issue on coreos/bugs .