Hi Tim, thats a great suggestion. I will check what we can do here to offer a way to check the integrity of the tar files. I will get back to you soon.
Frank On 10.09.2013, at 21:44, Timothée Ravier <[email protected]> wrote: > Hi, > > There is currently no easy way to check the validity of the Owncloud > release tarballs available at owncloud.org. > > In order to increase safety/security of Owncloud releases, may I suggest > you the following points: > > * add the md5sum and sha256sum of the source tarball to release emails; > > * sign those emails using PGP and make the public key available on > keyservers and the Owncloud website; > > * add a detached PGP signature file instead of the current md5sum file > (you could keep the md5sum one on the same line as the link on the > web page, no need for an extra file). > > Thanks, > > Tim > _______________________________________________ > Owncloud mailing list > [email protected] > https://mail.kde.org/mailman/listinfo/owncloud _______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
