Hello Albert, is there any way to verify the integrity of poppler source releases?
I didn't spot a GPG signature for the tarball or a simple SHA256 / MD5 checksum. If a gpg signature is too much effort, it would already help if there's an official sha256sum in the release announcement on the mailing list. (https://lists.freedesktop.org/archives/poppler/2018-July/013275.html)

That would help to verify the download server has not been tampered with.

Thanks in advance!
Thomas Jarosch

_______________________________________________
poppler mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/poppler
