https://bugs.kde.org/show_bug.cgi?id=364594
--- Comment #6 from Pascal d'Hermilly ---
thanks harald
--
You are receiving this mail because:
You are watching all bug changes.
https://bugs.kde.org/show_bug.cgi?id=364594
--- Comment #5 from Harald Sitter ---
> In the end, the authoritativeness of the torrent file is just as good because
> it really depends on what neon.kde.org tells the visitor.
Clearly you need to read up more on how gpg verification
https://bugs.kde.org/show_bug.cgi?id=364594
--- Comment #4 from Pascal d'Hermilly ---
GPG is great, but it's not a replacement for https.
if neon.kde.org got hacked then one would change both the link to the iso and
the signing key (which the 1% use). Possibly you would only
https://bugs.kde.org/show_bug.cgi?id=364594
Harald Sitter changed:
What|Removed |Added
CC||valorie.zimmer...@gmail.com
https://bugs.kde.org/show_bug.cgi?id=364594
--- Comment #2 from Pascal d'Hermilly ---
I have a CS degree, has used Kubuntu since 6.06 and I don't know how to verify
it.
Likely 99% of the downloads will not be verified with this approach.
At least you need to write how to
https://bugs.kde.org/show_bug.cgi?id=364594
Harald Sitter changed:
What|Removed |Added
Resolution|--- |WONTFIX