El diumenge, 28 d’octubre de 2018, a les 1:43:44 CET, Daniel Vrátil va escriure: > Hola! > > looking for GPG keys for Applications tarballs signatures,
They are on the info page of each release, i.e. https://www.kde.org/info/applications-18.08.0.php The tarballs have been signed by Christoph Feck F23275E4BF10AFC1DF6914A6DBD2CE893E2D1C87. > Google has lead me > to https://kde.org/download/signature.php which contains a pair of fairly > outdated GPG keys - I don't know if this site is linked from anywhere, but > IMO > it should either be updated with keys of people who do sign our tarballs > these > days or removed completely - it would certainly improve the trustworthiness > of > the signatures :-) They are only linked from a few 3.0.x releases. $ wcgrep signature.php ./download/signature.php:6:<!-- $Id: signature.php 523084 2006-03-27 11:23:21Z scripty $ --> ./info/3.0.4.php:35: <a href="http://www.kde.org/download/signature.php";>KDE Signature page</a> ./info/3.0.2.php:34: <a href="http://www.kde.org/download/signature.php";>KDE Signature page</a> ./info/3.0.5.php:32: <a href="http://www.kde.org/download/signature.php";>KDE Signature page</a> ./info/3.0.3.php:35: <a href="http://www.kde.org/download/signature.php";>KDE Signature page</a> ./info/3.0.5a.php:32: <a href="http://www.kde.org/download/signature.php";>KDE Signature page</a> Given that those tarbals are no longer accessible on the web (which i find weird we remove stuff but that's how it is) I guess we can just remove that line and the page altogether. Cheers, Albert > > Cheers, > Daniel > > >
