I followed nostr:npub1hea99yd4xt5tjx8jmjvpfz2g5v7nurdqw7ydwst0ww6vw520prnq6fg9v2 's "Sparrow standard" for providing signatures and checksums for GH releases:

* A manifest txt file with sha256 sums of each artifact

* A signature file of the manifest file

I like it but didn't really investigate alternative ways to do it. Are there some other schemas you would recommend/like?

I'm just trying to learn best practices as I go.