I suggest to separate the current verification script into one which verifies the source release artifact and another which verifies the binaries:
- checksum and signatures as is right now
- install linux packages on multiple distros via docker
We could test wheels and conda packages as well, but in follow-up PRs.
cc Kouhei Sutou