A crudely made collection of various packages, only meant to be used when proper sources are not enough for some reasons.
You can browse the directory here.
Every package (except original sources archives) is accompanied with a PGP signature
(*.sig). You can verify it like this:
$ curl -sS https://decovar.dev/about/retif-public.asc | gpg --import -
$ gpg --verify ./some-package.7z.sig ./some-package.7z
There is usually also a SHA256 checksum file alongside (*.sha256),
which can be verified like this:
$ shasum -c ./some-package.7z.sha256