Document PGP release signature usage on getsession.org/download

[maltfield]

Is there an existing request for feature?

• I have searched the existing issues

What feature would you like?

Document how to cryptographically verify downloads on the getsession.org download page

Expected behaviour

When I go to download the Session desktop client, I should also see instructions on how to verify the authenticity of the file after download and before install. Or, at least, a link to the document that describes this.

Actual behaviour

I see no mention about cryptographic authenticity verification on the download page

• https://getsession.org/download

Steps to reproduce

1. Go to https://getsession.org/download
2. Click "Linux" (or whatever platform I'm on)
3. See the AppImage is downloading
4. Look around on page for the word "verify" or "PGP" or "GPG" or "signature"
5. ???
6. Get confused and open ticket

Anything else?

No response

[maltfield]

Note: This is not a support request asking for information on how to verify release signatures.

The only resolution to this ticket is by updating the getsession.org download page with the information (or a link-to the information) that documents how users can verify release signatures.

[maltfield]

Here are some examples of "verifying this release" project documentation from other projects

1. https://www.apache.org/info/verification.html#CheckingSignatures
2. https://docs.featherwallet.org/guides/linux#verifying-the-download-optional
3. https://support.torproject.org/tbb/how-to-verify-signature/
4. https://ubuntu.com/tutorials/how-to-verify-ubuntu
5. https://tails.net/install/expert/index.en.html#verify-key
6. https://calyxos.org/install/verify/#additional-verification

[maltfield]

Note: This ticket was "moved" here from the prior ticket opened in the session-desktop repo:

• Document PGP release signature usage on getsession.org/download session-desktop#3078