PGP signing is dead for mass distribution. Keys are lost, stolen, or expired. Signatures prove intent at one moment, not integrity over time.
Checkpoint verification proves:
In a checkpoint-verified DIT, there is no "trust on first use" (TOFU). There is only continuous verification.
# Extract the expected digest from the downloaded checkpoint file (the
# "sha256:<hex>" field) and compare it against the digest of the tool.
# Note: grep -P needs GNU grep; paths are quoted so spaces cannot break the command.
EXPECTED=$(grep -oP 'sha256:\K[a-f0-9]+' "$(basename "$CHECKPOINT_URL")")
ACTUAL=$(sha256sum "$(basename "$TOOL_URL")" | cut -d' ' -f1)
# Fail closed: an empty EXPECTED (field missing) also fails this comparison.
if [ "$EXPECTED" != "$ACTUAL" ]; then
  echo "Verification failed!"
  exit 1
fi
Scope: practical engineering patterns to download and verify ML/model checkpoints and runtime state in a way that works uniformly across environments and is secure, auditable, and reproducible.
This is the most critical step for "checkpoint verified" status. The checkpoint file should contain a pointer to a public, immutable ledger, so that the hash you just checked is itself anchored to a record nobody can silently rewrite.
For example, the checkpoint may include:
checkpoint: blockchain=ethereum, transaction=0xabcdef1234567890...
Or it may include a Merkle root published to a log like Sigstore or Rekor.
To verify against an Ethereum transaction:
# Using cast (from Foundry) or any Ethereum RPC client
cast tx 0xabcdef1234567890...
Look for the checkpoint hash in the transaction's input data or logs. If it matches the hash from Step 4, the download is checkpoint verified. Also confirm that the transaction was sent from the publisher's known address: anyone can broadcast a transaction containing any hash, so a match alone proves only that someone published it.
For Sigstore/Rekor (pass the signer's public key with --public-key as well; inclusion in the log proves the entry exists and when it was made, not who made it):
rekor-cli verify --artifact=iso-cli-linux-amd64 --signature=iso-cli-linux-amd64.sig
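The two checks above (the sha256 comparison against the checkpoint file, and the ledger lookup of the transaction it points to) written out as one fail-closed routine. This is an added example in Python, not code from the original page or any vendor tool: PUBLISHER_ADDRESS, the sample artifact, the checkpoint text and the transaction/receipt records are all constructed here; the record shapes mirror what an Ethereum RPC returns for eth_getTransactionByHash and eth_getTransactionReceipt (which is what `cast tx` prints). It goes slightly beyond the text by requiring the digest to appear as a whole 32-byte word in calldata or log data and by binding the transaction to a pinned publisher address.

```python
import hashlib
import re

# Hypothetical publisher address, assumed to be pinned out of band (not from the page).
PUBLISHER_ADDRESS = "0x000000000000000000000000000000000000c0de"

SHA_RE = re.compile(r"sha256:([0-9a-fA-F]{64})")
PTR_RE = re.compile(r"checkpoint:\s*blockchain=(\w+),\s*transaction=(0x[0-9a-fA-F]{64})")


def parse_checkpoint(text):
    """Extract (digest, chain, tx_hash) from a checkpoint file; fail closed if either is missing."""
    sha = SHA_RE.search(text)
    ptr = PTR_RE.search(text)
    if not sha or not ptr:
        raise ValueError("checkpoint file lacks sha256 or ledger pointer")
    return sha.group(1).lower(), ptr.group(1).lower(), ptr.group(2).lower()


def artifact_digest(data):
    """sha256 hex digest of the downloaded tool bytes (the ACTUAL value of the shell step)."""
    return hashlib.sha256(data).hexdigest()


def _words(hexstr, offset=0):
    """Split a 0x-prefixed hex string into 32-byte words starting at a hex-char offset."""
    h = (hexstr[2:] if hexstr.startswith("0x") else hexstr).lower()[offset:]
    return {h[i:i + 64] for i in range(0, len(h) - 63, 64)}


def ledger_attests(tx, receipt, digest):
    """True if the digest is a whole 32-byte word in calldata, log data, or a log topic."""
    calldata = tx.get("input", "0x")
    # Raw data starts at offset 0; ABI-encoded arguments follow a 4-byte selector (8 hex chars).
    words = _words(calldata) | _words(calldata, offset=8)
    for log in receipt.get("logs", []):
        words |= _words(log.get("data", "0x"))
        for topic in log.get("topics", []):
            words |= _words(topic)
    return digest in words


def verify_download(artifact, checkpoint_text, tx, receipt, publisher):
    """Return (ok, reason); each failure has a distinct reason so it can be logged or alerted on."""
    try:
        digest, chain, tx_hash = parse_checkpoint(checkpoint_text)
    except ValueError as exc:
        return False, str(exc)
    if chain != "ethereum":
        return False, "unsupported ledger: " + chain
    if artifact_digest(artifact) != digest:
        return False, "sha256 mismatch"
    if tx.get("hash", "").lower() != tx_hash:
        return False, "ledger record is not the transaction the checkpoint points to"
    if receipt.get("status") != "0x1":
        return False, "transaction not successfully mined"
    if tx.get("from", "").lower() != publisher.lower():
        return False, "transaction not sent by the pinned publisher address"
    if not ledger_attests(tx, receipt, digest):
        return False, "digest not found in transaction input or logs"
    return True, "checkpoint verified"


# Constructed sample data: not a real release and not a real transaction.
SAMPLE_ARTIFACT = b"iso-cli-linux-amd64: constructed sample bytes\n"
SAMPLE_TX_HASH = "0x" + "ab" * 32
SAMPLE_CHECKPOINT = (
    "sha256:" + artifact_digest(SAMPLE_ARTIFACT) + "\n"
    "checkpoint: blockchain=ethereum, transaction=" + SAMPLE_TX_HASH + "\n"
)
SAMPLE_TX = {  # shape of eth_getTransactionByHash; digest sits after a 4-byte selector
    "hash": SAMPLE_TX_HASH,
    "from": PUBLISHER_ADDRESS,
    "input": "0xdeadbeef" + artifact_digest(SAMPLE_ARTIFACT),
}
SAMPLE_RECEIPT = {"status": "0x1", "logs": []}  # shape of eth_getTransactionReceipt

if __name__ == "__main__":
    print(verify_download(SAMPLE_ARTIFACT, SAMPLE_CHECKPOINT, SAMPLE_TX, SAMPLE_RECEIPT, PUBLISHER_ADDRESS))
    print(verify_download(SAMPLE_ARTIFACT + b"x", SAMPLE_CHECKPOINT, SAMPLE_TX, SAMPLE_RECEIPT, PUBLISHER_ADDRESS))
```

The ordering matters: the cheap local hash comparison runs before any ledger record is consulted, and the sender check comes before the content search, so a transaction that merely contains the right bytes but was broadcast by someone else is rejected with its own reason.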