test signed checksum files and torrents the same way ISOs are tested now?

[Andre Robatino]

Currently, ISOs are posted in a temporary location, go through a
test-fix-test-fix... cycle, then when ready (as decided at the Go/No-Go meeting)
are posted in permanent locations. This does not happen with signed checksum
files and .torrent files, even though they are part of the published content. I
propose that

1) ASAP after ISOs are Gold (but never before), the checksum files should be
signed and be placed in the stage/ directory replacing the unsigned checksum
files.

2) The .torrent files should then be created, using the ISOs and signed checksum
files in stage/, and placed in some temporary location (NOT where they currently
go).

3) QA tests should be done to verify that the checksum files in stage/ are
properly signed and have checksums matching those for the previous unsigned
files, and that the .torrent files match the content in stage/ (both ISOs and
signed checksum files). These tests are objective and trivial, so obviously
don't need another Go/No-Go meeting.

4) When the signed checksum tests pass, the ISOs and signed checksum files get
sent to the mirrors.

5) When the .torrent tests pass, the .torrent files go to their permanent
locations. (Of course this doesn't have to be done immediately, the important
thing is that it doesn't happen until the tests pass.)

6) When all tests pass, the corresponding files in stage/ can optionally be
deleted. If any tests fail, fix and test again.

Does this sound reasonable?