Provide checksums for downloads, maybe also sign them.
To enhance security/integrity of the Crown network we could provide checksums (eg: SHA256, MD5) of downloads. The checksums could be cryptographically signed to further enhance user confidence.
Installer scripts and the proposed maintenance package could handle the checksum and signature verification so as to not add any additional complexity for non-technical users (aka investors).
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information