[kid3] [Bug 422123] macOS pre-compiled binary release lacks code-signature or published hash
https://bugs.kde.org/show_bug.cgi?id=422123 --- Comment #2 from vbzfua --- Yes, the Apple DeveloperID/certificate situation is a real problem for FOSS projects. Many macOS projects do use GPG signatures as there is well maintained and fairly mature GPG software available [1]. Some of the FOSS projects providing GPG signatures for their macOS binary archives are: Handbrake, Thunderbird, Firefox, VeraCrypt, VLC, osxfuse, LibreOffice. Would another option be to simply publish the sha256 of the binary archives separately from the downloads, perhaps at kid3.kde.org ? [1] https://gpgtools.org -- You are receiving this mail because: You are watching all bug changes.
[kid3] [Bug 422123] macOS pre-compiled binary release lacks code-signature or published hash
https://bugs.kde.org/show_bug.cgi?id=422123 vbzfua changed: What|Removed |Added Resolution|--- |FIXED Status|CONFIRMED |RESOLVED --- Comment #4 from vbzfua --- (In reply to Urs Fleisch from comment #3) That looks like a reasonable way to ensure the integrity of the binary releases. Thanks for addressing the issue so quickly. Marking status as: Resolved/Fixed. -- You are receiving this mail because: You are watching all bug changes.
[kid3] [Bug 422123] New: macOS pre-compiled binary release lacks code-signature or published hash
https://bugs.kde.org/show_bug.cgi?id=422123 Bug ID: 422123 Summary: macOS pre-compiled binary release lacks code-signature or published hash Product: kid3 Version: 3.8.x Platform: macOS Disk Images OS: macOS Status: REPORTED Severity: normal Priority: NOR Component: general Assignee: uflei...@users.sourceforge.net Reporter: vbz...@tutamail.com Target Milestone: --- The binary release of the macOS kid3.app lacks an Apple DeveloperID code-signature or a published hash value/detached signature for authentication and integrity of the binary/dmg. Using macOS code-signing and/or publishing a hash/detached signature would allow end-users to verify the integrity of the app/dmg. -- You are receiving this mail because: You are watching all bug changes.