update readme for clarity

README.md

@@ -1,5 +1,4 @@
-checksums
+# checksums
----------
 
 This repository contains checksums for images, ISO's, and so on for Rocky Linux.
 They are sorted by version into various directories.
@@ -10,3 +9,32 @@ They are sorted by version into various directories.
 | rocky-linux-9      | Rocky Linux 9                  |
 | rocky-linux-rc     | Rocky Linux Release Candidates |
 | images             | Rocky Linux Images per release |
+
+This repository is mirrored here: https://git.resf.org/rocky-linux/checksums
+
+# Why this repository?
+
+One of the goals of this repository is to be a main point of reference for all
+checksums for our images, regardless of release. It can also be a historical
+reference as well because all versions will be available.
+
+This repository is also a result of the following things:
+
+* Keykeeper (part of the peridot build system) does not sign arbitrary files
+or artifacts outside of the build system
+
+* We are planning to move Rocky Linux 8 into the new build system, and along
+with it, the keys that sign the packages and repository metadata
+
+* Some users would rather have a place they can go to that is outside of the
+mirror(s) to verify the signatures are valid and the checksums actually match
+what they claim.
+
+# So the commits are signed, how do I verify?
+
+To verify our signature, click on "commits", click on the green "Verified"
+button where you will see a GPG key ID. You can then search for this ID at
+any of the following:
+
+https://keys.openpgp.org
+https://keyserver.ubuntu.com