ensure integrity of binaries before uploading them
Apart from the binaries themselves, we also download the signature. We should take advantage of that and use it to make sure that the downloaded file itself has not been corrupted. For further clarification: Our thread model assumes that the bot can fetch binaries without them being manipulated in any capacity.