On Mon, Dec 05, 2016 at 09:02:54AM -0800, Rich Shepard wrote: > On Mon, 5 Dec 2016, Jean-Marc Lasgouttes wrote: > > > Yes, there is this one: > > ftp://ftp.lyx.org/pub/lyx/bin/2.2.2/LyX-222-Bundle-3.exe.sig > > JMarc, > > Perhaps Windows users will use that to check for modification when they > download a new version.
I feel obligated to warn that the .sig file can only be used to verify that the Windows binary that a user downloads is the same one that the release manager uploaded. We currently have no way for Windows files to verify that the binary is the same one that the Windows packager created. For all non-Windows files, the .sig files can be used to verify that the files that a user downloads are the exact same that the packagers created. Scott
signature.asc
Description: PGP signature
