On 07/05/2016 02:56 PM, jungle Boogie wrote: > On 1 July 2016 at 09:39, Warren Young <w...@etr-usa.com> wrote: >> If you’re expecting the checksum to protect you against someone hacking the >> web site and uploading malware, they can modify the checksums on the web >> site at the same time. > Absolutely. > > As a small request, maybe when Dr. Hipp makes a release, he can also > include the hash in the email. As Andy indicated, this can be archived > by search engines and even available on the archive of the mailing > list.
As a related small request, it would be very much appreciated if more people (including D. R. Hipp) signed their commits with PGP (in addition to the build hashes on the site). After all we already have the fossil 'clearsign' setting, it's just a matter of generating a key (gpg --gen-key) and using it.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
