Links to the warrant canary files could specify if it links the file directly, or the file on gitlab
On https://puri.sm/warrant-canary/ - the links to the warrant canary could specify if the links target gitlab, or the files directly. This request comes from myself going to the page, right-clicking the .sig (or .sig.todd) file and save it to a local folder. When hovering the files, it says that it is a .sig, which doesn't give any clue to it being that file on the gitlab server. When running
gpg --verify [downloaded_file]
on this downloaded file it says
gpg: no valid OpenPGP data found.
and i a stumped. This is because it has downloaded the gitlab page containing the file (which includes lots of HTML which invalidates my gpg --verify check).
I have done this mistake enough times to warrant this report. ;)