I just noticed that the 6.0.4 MD5s are served via http. They should be protected with HTTPS (or signed with a private key). Without any authentication of the MD5s, verifying the signature is pointless, from a security point of view.
It looks like https://download.owncloud.org serves the same content as http://download.owncloud.org (for the MD5 URL). It appears that all that would need to be done is change the http links to https for the MD5s. [Page: https://owncloud.org/changelog/] -- -Justin [email protected]
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ User mailing list [email protected] http://mailman.owncloud.org/mailman/listinfo/user
