tarball signatures

Starting from 2021, all source release tarballs on are digitally signed by the svn server automatically. To verify the signature you need to download the correspoding sig and cert files and use openssl.

The verification process can be performed manually or using a script.

Using these signatures is somewhat safer than using https and makes tarball checksums unnecessary.