Provide sha256 checksums as Assets instead of strings in a HTML table #1311
Description
As the maintainer of kompose Autopkg recipes, I would like to add checksum verification to the download recipe, in order to automatically verify the integrity of the download. While parsing and regexing the releases page is technically possible, it is also cumbersome and error prone process. Therefore, I propose to do what e.g. minikube project does, and provide the checksums as Assets alongside the downloadable binaries/archives. This would benefit not only AutoPkg recipies, but other automated download/package managing projects.
Additionally, it would be nice if the binary could be codesigned and notarized. This would benefit/speed up the adoption in more tightly secured environments, and more importantly, would adhere to Apple's new security guidelines, which most likely become standard in future macOS releases. I acknowledge that this might require some changes on your build pipeline in addition to a Apple developer certificate, and thus is not necessarily a trivial task.
I am happy to provide any assistance my feeble skills are good enough for. Thank you in advance.