Hi, we will definitely look into that to provide this in the future. For ownCloud 6 at the latest.
Frank On 05.10.2013, at 00:49, Timothée Ravier <[email protected]> wrote: > On 10/09/2013 23:56, Frank Karlitschek wrote: >> Hi Tim, >> >> thats a great suggestion. I will check what we can do here to offer a >> way to check the integrity of the tar files. I will get back to you >> soon. >> >> Frank >> >> On 10.09.2013, at 21:44, Timothée Ravier <[email protected]> wrote: >>> There is currently no easy way to check the validity of the >>> Owncloud release tarballs available at owncloud.org. >>> >>> In order to increase safety/security of Owncloud releases, may I >>> suggest you the following points: >>> >>> * add the md5sum and sha256sum of the source tarball to release >>> emails; >>> >>> * sign those emails using PGP and make the public key available on >>> keyservers and the Owncloud website; >>> >>> * add a detached PGP signature file instead of the current md5sum >>> file (you could keep the md5sum one on the same line as the link on >>> the web page, no need for an extra file). > > Any updates on this matter? > > Tim > _______________________________________________ > Owncloud mailing list > [email protected] > https://mail.kde.org/mailman/listinfo/owncloud _______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
