Hello everyone,

I have continually been perplexed by the (apparent) lack of ways to
retrieve the code for org-mode in a secure fashion, but always thought that
I just haven't tried hard enough. Today it dawned on me that there probably
simply is no such way.

I know that https can be a bit tedious to setup so I am not asking for it
(though I do think it would be great if it was enabled on the site in some
fashion). However, gpg signing release tag commits is dead simple and would
take a total of maybe 10 minutes of work over the lifetime of the project
(please correct me if I'm wrong). Given this, is there a reason this is not
being done?

And if there is no reason, would it be possible to begin doing it, going
forward?

Thanks in advance for the consideration,
Kosta