Is it some entirely different process than providing hashes and a GPG signature?
Well, yes. Just look at OP and Jason struggling to get their code signed.
Well, yes. Just look at OP and Jason struggling to get their code signed.