I was mislead by the "sign" name. We do need the SHA512 checksums file, we just want to stop _signing_ it.