Faf? -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Eduard Sent: 6. juli 2016 19:40 To: Fossil SCM user's discussion Subject: Re: [fossil-users] Release 1.35 checksums?
On 07/05/2016 02:56 PM, jungle Boogie wrote: > On 1 July 2016 at 09:39, Warren Young <[email protected]> wrote: >> If you’re expecting the checksum to protect you against someone hacking the >> web site and uploading malware, they can modify the checksums on the web >> site at the same time. > Absolutely. > > As a small request, maybe when Dr. Hipp makes a release, he can also > include the hash in the email. As Andy indicated, this can be archived > by search engines and even available on the archive of the mailing > list. As a related small request, it would be very much appreciated if more people (including D. R. Hipp) signed their commits with PGP (in addition to the build hashes on the site). After all we already have the fossil 'clearsign' setting, it's just a matter of generating a key (gpg --gen-key) and using it. _______________________________________________ fossil-users mailing list [email protected] http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
