The project offers a direct APK download option from GitHub as well as being hosted in the official F-Droid repo. The app hosted in F-Droid is built and signed by the F-Droid developers, which some view as a security issue. Apps like Obtainium are becoming more popular and allow users to track updates to apps and directly download the APK from GitHub, but those users should have a way to verify that the build was signed by the developer. Posting the SHA-256 hash of the developer signing key in the project README and on the SecUSo website would be appropriate.
Based on the downloaded pfa-qr-scanner-release-v4.6.1, the hash appears to be 46:6D:66:DC:05:8F:73:04:3E:5E:9B:DD:56:06:FD:AE:C1:9D:8F:80:C4:7F:44:C1:80:7D:65:77:5D:73:5C:3F.
I'm happy to create a PR for the README if you are amenable to inclusion.
Thank you for your consideration.
Sorry for the late response, as we were internally discussing changing the key in the future. However, in the meantime, we have added the fingerprint to our website.
Is the website open sourced on GitHub?
It really should be added to a medium which can be easily tracked for changes, such as in the GitHub README for each app.
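One way a user could check a downloaded APK against the fingerprint quoted in this issue, as an added example that is not part of the thread or the project's code: it parses the text printed by `apksigner verify --print-certs` and compares every signer's SHA-256 certificate digest with the pinned value. The function names are hypothetical and both sample outputs are constructed.

```python
import hmac
import re

# SHA-256 signing-certificate fingerprint exactly as quoted in the issue.
PINNED = ("46:6D:66:DC:05:8F:73:04:3E:5E:9B:DD:56:06:FD:AE:"
          "C1:9D:8F:80:C4:7F:44:C1:80:7D:65:77:5D:73:5C:3F")

# Matches the digest line of `apksigner verify --print-certs`.
DIGEST_LINE = re.compile(r"certificate SHA-256 digest:\s*([0-9A-Fa-f:]+)\s*$")


def normalize(fingerprint):
    """Turn 'AA:BB:..' or 'aabb..' into 32 raw bytes; raise on anything else."""
    hexstr = fingerprint.strip().replace(":", "")
    if len(hexstr) != 64:
        raise ValueError("not a SHA-256 fingerprint: %r" % fingerprint)
    return bytes.fromhex(hexstr)  # also raises ValueError on non-hex input


def signer_digests(apksigner_output):
    """Collect the SHA-256 digest of every signer certificate in the output."""
    digests = []
    for line in apksigner_output.splitlines():
        match = DIGEST_LINE.search(line)
        if match:
            digests.append(normalize(match.group(1)))
    return digests


def signed_by_pinned_key(apksigner_output, pinned=PINNED):
    """True only if at least one signer is listed and all match the pin."""
    want = normalize(pinned)
    found = signer_digests(apksigner_output)
    if not found:  # fail closed: unparsed or empty output is not a pass
        return False
    return all(hmac.compare_digest(digest, want) for digest in found)


# Constructed sample output: one signed with the pinned key, one re-signed.
SAMPLE_OK = ("Signer #1 certificate DN: CN=constructed\n"
             "Signer #1 certificate SHA-256 digest: "
             + PINNED.replace(":", "").lower() + "\n"
             "Signer #1 certificate SHA-1 digest: " + "0" * 40 + "\n")
SAMPLE_RESIGNED = SAMPLE_OK.replace(PINNED.replace(":", "").lower(), "ab" * 32)

if __name__ == "__main__":
    print("pinned key build:", signed_by_pinned_key(SAMPLE_OK))
    print("re-signed build: ", signed_by_pinned_key(SAMPLE_RESIGNED))
```

An APK built and signed by F-Droid would fail this check, since it carries a different signing certificate than the developer's GitHub release.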