by yjftsjthsd-h 719 days ago
I dunno, I actually think a public key is better than a hash, because it lets you sign updated images without having to update things on the client. Obviously it should be user-controlled, but this feels like a legitimate use.

It is more flexible than a hash, but it's also more complicated.
I don't really see it being that much more complicated. Signing the image is just one extra step when you publish, but it also means that you never need to update client machines unless the key is compromised.
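
The trade-off discussed in this thread, as an added example that is not part of the original comments: one client pins an image hash, the other pins a public key, and both then see an updated image. Ed25519, the type names and the image bytes are assumptions chosen for illustration; the thread names no scheme.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// HashPinnedClient accepts only the one image whose SHA-256 it was provisioned with.
type HashPinnedClient struct{ Pinned [32]byte }

func (c HashPinnedClient) Accept(image []byte) bool {
	sum := sha256.Sum256(image)
	return bytes.Equal(sum[:], c.Pinned[:])
}

// KeyPinnedClient accepts any image with a valid Ed25519 signature from the pinned key.
type KeyPinnedClient struct{ Pinned ed25519.PublicKey }

func (c KeyPinnedClient) Accept(image, sig []byte) bool {
	// ed25519.Verify panics on a wrong-sized key, so check the length first.
	return len(c.Pinned) == ed25519.PublicKeySize && ed25519.Verify(c.Pinned, image, sig)
}

// Scenario provisions both clients once, then publishes an update.
// Results: hash/v1, hash/v2, key/v2, key/tampered v2, key/v2 signed by another key.
func Scenario() [5]bool {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	_, otherPriv, err := ed25519.GenerateKey(nil) // a key the client never pinned
	if err != nil {
		panic(err)
	}
	v1, v2 := []byte("constructed image v1"), []byte("constructed image v2")
	hashClient := HashPinnedClient{Pinned: sha256.Sum256(v1)}
	keyClient := KeyPinnedClient{Pinned: pub}
	sig := ed25519.Sign(priv, v2) // the extra publishing step
	tampered := append([]byte("X"), v2[1:]...)
	return [5]bool{hashClient.Accept(v1), hashClient.Accept(v2), keyClient.Accept(v2, sig),
		keyClient.Accept(tampered, sig), keyClient.Accept(v2, ed25519.Sign(otherPriv, v2))}
}

func main() {
	fmt.Println(Scenario())
}
```

The hash-pinned client rejects the legitimate v2 until it is re-provisioned, while the key-pinned client accepts it and still rejects the tampered image and the image signed with a different key.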