Switching from GPG to Minisign for download signatures #12
samuel-lucas6 announced in Announcements
I'd like to stop using GPG for the download signatures because it's an unfriendly and dated program. However, I can foresee people complaining about GPG signatures not being used since GPG is preinstalled on many Linux distros. With that said, GPG is less accessible for macOS and Windows users.
The obvious alternative is Minisign, but there aren't pre-built binaries for Linux. I believe certain distros offer downloads though. I could also use Kryptor signatures (coming in v3-beta) like how Frank Denis signs his Minisign binaries using Minisign, but then a user can't verify the download without already having Kryptor, which doesn't make much sense.
If you have any thoughts, please share them. People have got to stop using GPG at some point and move on to better tools. The one thing I don't want to do is sign things with multiple tools because that's extra, unnecessary work putting out each release.
Update (03/01/22)
For the record, my Minisign public key is RWRZzvSG5htEUFlSEl88cMb0pTGXSZmzqTujwpAweUrSJQuWYui8Qpk9. However, I've decided to switch to Kryptor signatures for future releases to allow automated -u|--update functionality and to save people having to download another program.