On 10/09/2013 23:56, Frank Karlitschek wrote:
> Hi Tim,
>
> That's a great suggestion. I will check what we can do here to offer a
> way to check the integrity of the tar files. I will get back to you
> soon.
>
> Frank
>
> On 10.09.2013, at 21:44, Timothée Ravier <[email protected]> wrote:
>> There is currently no easy way to check the validity of the
>> Owncloud release tarballs available at owncloud.org.
>>
>> In order to increase safety/security of Owncloud releases, may I
>> suggest you the following points:
>>
>> * add the md5sum and sha256sum of the source tarball to release
>> emails;
>>
>> * sign those emails using PGP and make the public key available on
>> keyservers and the Owncloud website;
>>
>> * add a detached PGP signature file instead of the current md5sum
>> file (you could keep the md5sum one on the same line as the link on
>> the web page, no need for an extra file).

Any updates on this matter?

Tim
_______________________________________________
Owncloud mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/owncloud
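
Added example (not part of the original messages, and not ownCloud's own tooling): one way a downloader could apply the checks proposed in the quoted request, comparing the tarball against the SHA-256 digest from the signed release e-mail and then verifying the detached PGP signature. The function names and file arguments are hypothetical, and it assumes `sha256sum` and `gpg` are installed and the release key is already in the local keyring.

```shell
#!/bin/sh
# Added example; function names and arguments are illustrative assumptions.

# check_sha256 TARBALL EXPECTED_HEX
# Returns 0 only if the SHA-256 of TARBALL equals EXPECTED_HEX, the digest
# copied from the signed release e-mail.
# Returns 2 for a malformed digest and 3 for a missing file.
check_sha256() {
    tarball=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject anything that is not exactly 64 hex characters
    # (for example an md5sum pasted by mistake).
    case $expected in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -f "$tarball" ] || return 3
    actual=$(sha256sum "$tarball" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# check_signature TARBALL SIGFILE
# Verifies a detached PGP signature. Exit status 0 means a good signature
# from a key that is present in the local keyring; 4 means gpg is missing.
check_signature() {
    command -v gpg >/dev/null 2>&1 || return 4
    gpg --verify "$2" "$1" >/dev/null 2>&1
}

# verify_release TARBALL EXPECTED_HEX [SIGFILE]
# Runs the checksum check, then the signature check when SIGFILE is given.
verify_release() {
    check_sha256 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    if [ -n "${3:-}" ]; then
        check_signature "$1" "$3" || { echo "signature not verified: $1" >&2; return 1; }
    fi
    echo "OK: $1"
}
```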
