Feature #5653: publish autobuilt ISO images
Sign published artifacts checksums
We might want to provide a way to verify the jenkins autobuild isos published on nightly.t.b.o. That way we can have people safely downloading an trying them.
Point is that we can't use our main pgp signing key for this task, as it will be used on a remote server.
We might end on using a signing subkey or more likely to manage a new secret key, signed by our main one.