Hi! We're new to k3s, and hoping to be able to verify downloaded binaries (from https://github.com/k3s-io/k3s/releases and https://hub.docker.com/r/rancher/klipper-lb etc.) ideally via a detached GPG signature with a previously published/well-known GPG key from the k3s maintainers. I've looked over the docs/FAQ, github issues and searched slack so far. It it the case that no such signatures are available? Thank you for any thoughts on this!

Not signed yet

Thanks for confirming. Do you happen to know if paying for commercial Rancher support (or anything else) changes that?

I'm not the best person to answer that, sorry I assume you're interested is somehow similar to what we're doing on Kubewarden => https://github.com/kubewarden/policy-server/releases

@astonishing-park-79642 just building on here. With our Rancher Prime subscription, we will be looking at notarizing images to allow for source integrity to be maintained when selected for use by customers. TLDR, the subscription will allow you to get that.

Many thanks both