+ - Create and sign md5sums files: one in the x86 subdir, one in the
+ alpha subdir, and one in the parent dir of both of those.
+ + The md5sums files need not list the .DSA and .RSA signatures,
+ and the top-level md5sums need not list the other two. Easiest
+ thing is to run, in each directory, this command:
+ md5sum `\find * -name '*SA' -o -type f -print` > md5sums
+ + Sign the md5sums files (gpg --clearsign).
+ for i in md5sums */md5sums; do for t in DSA RSA; do gpg --load-extension=idea --clearsign -u "Releases ($t)" -o $i.$t $i; done; done
+
+ - Now double-check by verifying all the signatures on all the
+ files, and running md5sum -c on all the md5sums files.
+