So, about the migration. We don't have many open issues, only 44. 19 of which are mine. If we don't find a quick way to transfer them i can just manually reopen all of them on github.

same for pull requests but easier. half are mine and the other half are abandoned or can be reopened on github

What about that?

luigi1111 could you give me triage permission on the github monero-site repo in the meantime? so i can clean up all those old issues

yes, soon

Good point, considering that PDFs can be vectors for malware

How would I go about adding a checksum/signature for the ztm pdfs?

You'd need to either sign them yourself and have your key added to the repo, or have someone else sign them

I also don't know if the PDFs are hosted on the same machine that serves the pages

(wouldn't matter if everyone checks signatures)

Reproducible PDFs is a neat idea too

Then nobody needs to trust that you or the signer generated the PDF directly from source

I imagine you'd need to specify version numbers for all packages

Yeah probably need to build in a specific container to simplify things?

Or be lazy and simply offer the source for people to compile if they're concerned

It's pretty straightforward compared to other builds :D

I'd be interested to hear of someone maliciously building ztm with alterations

I suppose the bigger threat is just replacing with a malware-laden PDF

Not one that's actually ZtM-like...

but one that includes some malware payload

But even so, signed hashes removes the possibility of any such situation