Stop distributing detached signatures of Torrent files

Between January 1 and January 20 (before 2.0), we served downloads of:

33366 .torrent files
2308 .torrent.sig files
23669 .iso.sig files

From a security point of view, checking both the .torrent.sig and the .torrent.iso doesn’t bring much as BitTorrent clients are pretty good as hash verification (#9043 (closed)).

Seeing that our .torrent.sig amount for 7% of the download of our .torrent, I wonder whether it’s worth the bits of work to generate the signature and the added complexity in documentation and possible confusion from refering to two different detached signatures to verify, all-in-all, the same end content, a Tails ISO.

Also note that so far in the installation assistant we’re not point to the .torrent.sig file at all. So if want to keep them we need to adjust the assistant accordingly. See also #11019 (closed).

Related issues

Related to #8832 (closed)
Related to #10781 (closed)
Related to #11019 (closed)
Related to #11157 (closed)
Related to #11121 (closed)

Original created by @sajolida on 11127 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information