A checksum file (a file containing all checksums) can be included in the FTP folders (each folder can have one checksums file for the files it contains).

This way the web page won't have to be updated with every release.

Otherwise, if you absolutely can't, please add clear instructions on how to verify the downloads using the signatures. I personally tried my best and still failed.

Thanks,
Ali

________________________________
From: Lars Ingebrigtsen
Sent: Friday, May 27, 2022 6:59:25 AM
To: Ali Elshishini
Cc: 55666@debbugs.gnu.org <55666@debbugs.gnu.org>
Subject: Re: bug#55666: enhancement request - SHA-256 for emacs downloads

Ali Elshishini writes:

> May you please include a list of SHA-256 hashes for the downloads in
> https://www.gnu.org/software/emacs/download.html
>
> This will provide an easy and secure way to verify downloads.
> Please note that the experience to verify the signature on Windows is very poor
> and it for me at least ended up with the file not being verified because of missing
> public key.
>
> A SHA-256 hash will be a simple solution.

That would require people to edit that web page every time they generate a package, which would be error prone and require too much work of the people who build the packages.

The packages are signed, which I think should be more than sufficient, so I'm closing this bug report.

--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
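
The per-folder checksum file proposed in this thread could be checked on any platform, Windows included, with a short script. This is an added example, not part of the thread or of the Emacs project; the file name `SHA256SUMS`, the `sha256sum` line format and all function and file names are assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# `sha256sum` line format: 64 hex digits, a space, ' ' or '*', then the name.
LINE_RE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def verify_folder(folder, sums_name="SHA256SUMS"):
    """Return {file name: status} for one folder and its checksum file."""
    folder, results = Path(folder), {}
    for line in (folder / sums_name).read_text(encoding="utf-8").splitlines():
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"malformed checksum line: {line!r}")
        digest, name = m.group(1).lower(), m.group(2)
        # One checksum file per folder: refuse names that point outside it.
        if Path(name).name != name:
            results[name] = "REJECTED"
        elif not (folder / name).is_file():
            results[name] = "MISSING"
        elif sha256_file(folder / name) == digest:
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    # Files sitting in the folder that the checksum file does not cover.
    for p in sorted(folder.iterdir()):
        if p.is_file() and p.name != sums_name and p.name not in results:
            results[p.name] = "UNLISTED"
    return results

def demo():
    """Verify a constructed folder (sample files, not real Emacs releases)."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "pkg-1.0.tar.gz").write_bytes(b"good")
        (d / "pkg-1.1.tar.gz").write_bytes(b"modified after hashing")
        (d / "extra.zip").write_bytes(b"not in the list")
        good = hashlib.sha256(b"good").hexdigest()
        old = hashlib.sha256(b"original").hexdigest()
        (d / "SHA256SUMS").write_text(f"{good}  pkg-1.0.tar.gz\n"
            f"{old} *pkg-1.1.tar.gz\n{good}  gone.tar.gz\n", encoding="utf-8")
        return verify_folder(d)
```

A checksum file fetched from the same server as the download detects corruption but proves nothing about origin unless the checksum file is itself signed.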