Best practice for software releases is to include GPG signatures to verify that the maintainers of the software are the ones that compiled and released the binary.This prevents a man in the middle attack where an attacker replaces a software release with a malicious version.Users can and should verify GPG signatures themselves but this hub automates the process and will sound the alarm if signature verification fails.Currently, these projects are watched: bitcoin_core, blockclock, coldcard, green_qt, joinmarket, lnd, sparrow, wasabi.If you want to add your Bitcoin project to watchlist, email csumchecker@coinkite.com