In https://analytics.wikimedia.org/published/wmf-ml-models/ we store the models uploaded to Lift Wing. We should add sha512 checksum to all files to allow people to verify the binaries after downloading them.
Extra caveat - we should verify if anybody is allowed to change files under that directory, to make sure that they cannot be tampered easily (or mistakenly changed etc..). For example:
- MLOps uploads the model binary and the checksum to analytics.wikimedia.org.
- User X with access to the stat boxes copies over their models on the same dir, overwriting the content.