Periodically verify signatures in /dist
Give the recent bad signatures of some files in /dist that only came to light after a user emailed helpdesk, I wrote a bash script that I now run periodically on my dist mirror to verify the signatures. I think it's not a bad idea to run it on tpo.org as well.
As first argument, it takes the path to /dist. It uses a local independent public keyring I update from time to time. That path must be customized in the script.
It currently excludes /dist/manual because that contains unsigned copies of the user manual.