Comment by selfhoster11
12 days ago
There is established precedent for open source projects that have a need to authenticate multiple bundled files within a release: a xxxxSUMS file followed by a detached GPG signature file.
For example, Ubuntu does it like this:
- The SHA256SUMS file which lists the hashes of each ISO, manifest, netboot, etc. file: https://releases.ubuntu.com/24.04.2/SHA256SUMS. This can be verified on any Linux system with the standard hashing utilities installed, but by itself it is not sufficient to protect file integrity.
- The SHA256SUMS.gpg file which contains a detached GPG/PGP signature of the SHA256SUMS file: https://releases.ubuntu.com/24.04.2/SHA256SUMS.gpg. The signature is tied to a particular GPG key ID (in this case, that key ID is 843938DF228D22F7B3742BC0D94AA3F0EFE21092). If the SHA256SUMS file's detached signature is correct and comes from the correct key ID, you've verified that the files weren't modified in transit or by a mirror.
This scheme only protects a one-level directory (which is enough for many open-source projects). If you have nested directories, it's time to distribute the model as an archive (in which case you just sign the archive).
Or just make a torrent file.
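As an added illustration of the two-step scheme described in the comment above (it is not part of the comment and not Ubuntu's tooling), the following Python script parses a SHA256SUMS manifest in the format sha256sum writes, checks every listed file against it, and wraps `gpg --verify` so that the result is accepted only if the detached signature is good and was made by the expected key fingerprint. The release directory, file names and contents in `demo()` are constructed sample data; the `verify_signature` helper assumes gpg is installed and the publisher's key has already been imported, and it is not exercised by the demo.

```python
# Added example: verify a SHA256SUMS manifest and its detached GPG signature
# the way a release consumer would. Sample files below are constructed, not real.
import hashlib
import re
import subprocess
import tempfile
from pathlib import Path

# One manifest line as written by sha256sum: 64 hex chars, then two spaces
# (text mode) or " *" (binary mode, what Ubuntu's SHA256SUMS uses), then the name.
_LINE_RE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")


def parse_sums(text):
    """Parse SHA256SUMS content into {filename: hex_digest}.

    Blank lines and '#' comments are skipped; anything else that does not match
    the format is an error, as is a name that could escape the release directory.
    """
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip("\r\n")
        if not line.strip() or line.startswith("#"):
            continue
        m = _LINE_RE.match(line)
        if not m:
            raise ValueError(f"malformed manifest line {lineno}: {raw!r}")
        digest, name = m.group(1).lower(), m.group(2)
        if name.startswith("/") or ".." in Path(name).parts:
            raise ValueError(f"unsafe path in manifest line {lineno}: {name!r}")
        entries[name] = digest
    return entries


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so multi-GB ISOs do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_sums(manifest_path):
    """Return {name: 'OK' | 'FAILED' | 'MISSING'} for every manifest entry.

    Paths are resolved relative to the manifest's own directory, matching
    `sha256sum -c SHA256SUMS` run from that directory.
    """
    manifest_path = Path(manifest_path)
    base = manifest_path.parent
    results = {}
    for name, expected in parse_sums(manifest_path.read_text()).items():
        target = base / name
        if not target.is_file():
            results[name] = "MISSING"
        elif sha256_file(target) == expected:
            results[name] = "OK"
        else:
            results[name] = "FAILED"
    return results


def verify_signature(manifest_path, sig_path, expected_fpr):
    """Return True only if gpg reports a good signature from expected_fpr.

    Assumes gpg is installed and the publisher's key is already imported.
    The machine-readable '[GNUPG:] VALIDSIG <fpr> ... <primary-fpr>' status
    line carries the signing-key fingerprint and the primary-key fingerprint;
    either may match the fingerprint the publisher advertises.
    """
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", str(sig_path), str(manifest_path)],
        capture_output=True, text=True,
    )
    if proc.returncode != 0:
        return False
    want = expected_fpr.replace(" ", "").upper()
    for line in proc.stdout.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "[GNUPG:]" and parts[1] == "VALIDSIG":
            return want in (parts[2].upper(), parts[-1].upper())
    return False


def demo(tmpdir=None):
    """Build a constructed release directory, simulate a tampering mirror and a
    missing download, and return the check results."""
    base = Path(tmpdir or tempfile.mkdtemp())
    (base / "good.iso").write_bytes(b"constructed release payload\n")
    (base / "tampered.iso").write_bytes(b"original contents\n")
    (base / "missing.iso").write_bytes(b"will be deleted\n")
    names = ("good.iso", "tampered.iso", "missing.iso")
    lines = [f"{sha256_file(base / n)} *{n}" for n in names]
    (base / "SHA256SUMS").write_text("\n".join(lines) + "\n")
    # A mirror swaps one file and a download never completes.
    (base / "tampered.iso").write_bytes(b"replaced contents\n")
    (base / "missing.iso").unlink()
    return check_sums(base / "SHA256SUMS")


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

In practice the order is the reverse of the file layout: verify the signature on SHA256SUMS first, and only then trust its digests to check the payload, since a mirror that can alter the ISO can just as easily rewrite an unsigned manifest to match.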