When I clicked to DL my version, all I saw was a "click here to see hash" that needed me to enable JS. Just sha256, which is good btw, more is not better when it comes to hashes - sha256 is sufficient.
Many open source projects provide all these on 1 page, rather than rely on complex code to deliver the info or display it on the DL page.
I totally understand. Back in grad shool I focused on usable security, and usually less clicks to get to something means more likely people will use the info.
All I see on the DL page are links to the source, nothing on GPG nor hashes
https://www.videolan.org/vlc/#download
When I clicked to DL my version, all I saw was a "click here to see hash" that needed me to enable JS. Just sha256, which is good btw, more is not better when it comes to hashes - sha256 is sufficient.
Many open source projects provide all these on 1 page, rather than rely on complex code to deliver the info or display it on the DL page.
Ex: https://www.torproject.org/download/ lists sigs under each OS option.