SparkyLinux looks great, but unfortunately I can't use it, because (it seems) the iso images published by SparkyLinux are not signed.
There are checksums provided, but as these are unsigned (and not even served over https) they are only useful for detecting accidental corruption of data, not deliberate MITM attacks.
In the current context, in which awareness of the potential for MITM attacks is higher than ever, this absence of even basic precautions is shockingly naive.
A GPG key already exists for signing SL repo packages:
http://sparkylinux.org/repo/sparkylinux.gpg.key
Would you please consider:
1. Signing each checksums file (allsums.txt) with the repo GPG key.
2. Publishing these signatures alongside the checksums files, prominently linked from the download page.
3. Making the GPG key and/or its fingerprint available over https (less important).
[if, OTOH, I'm missing something obvious and the isos are already being signed, can you make it more obvious to users where to find the signatures.]
Until then you'll be missing out on myself and many other security-concious users who could become valuable testers and developers.
Thanks!