Publish sha512 checksums of published artifacts

[arthurzenika]

Describe the feature

For the artifacts published on https://awscli.amazonaws.com/ and referenced in the install documentation https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html it would be nice to have sha256 checksums that can be downloaded to check the integrity of the artifacts. This is complementary to the GPG checks that is encouraged as in some contexts it is simpler to check a sha256 fingerprint than a GPG signature.

Use Case

The context is for "distributions" or "installers" of awscli, such as asdf that can be improved by adding additional checks (important in contexts where SSL can't be trusted) see asdf-vm/asdf#1320 and for awscli specifically MetricMike/asdf-awscli#28

Proposed Solution

The signatures should be generated by the infrastructure generating the distribution of awscli, and probably published as separate files and maybe also published on github for cross reference.

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CLI version used

1.27.139

Environment details (OS name and version, etc.)

Ubunutu

[tim-finnigan]

Thanks @arthurzenika for the feature request! I will mark this for further review by the team. In the meantime others can add a 👍 to your post if also interested in seeing this feature.