Together with @hko I have worked on the "File Hierarchy for the Verification of OS Artifacts" ( #VOA) in 2024 and 2025.

This #STF ( @sovtechfund ) funded #specification and #ReferenceImplementation (🦀) enables technology and distribution agnostic verification of OS artifacts.

In this #blog post we are looking into the #verification of #ArchLinux artifacts, using the `voa` #CLI and its #OpenPGP backend:
https://devblog.archlinux.page/2026/verify-arch-linux-artifacts-using-voa-openpgp/

#devblog #RustLang #SovereignTechFund #DigitalSignature #packaging