Am 03.04.2017 um 22:10 schrieb Jeff Sadowski: > I was wondering if the person building the binaries could put those (md5 > and sha1 sums) both on a page that is gpg signed? > Then as I get to know the person building the binaries and if the key > changes I can be suspicious of someone putting up another binary.
I'm not quite sure which binaries you are referring to. The ones for macOS and Windows have *.asc files in the directory where the *.dmg / *.exe files are available for download. Linux packages are signed in a way that the package management system automatically verifies the GPG signature. And the pre-built X2Go-TCE-live images have *.asc-files as well. So which files are lacking a GPG signature, in your opinion? Kind Regards, Stefan Baur X2Go Project/Community Manager -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
0xCDBE5119.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ x2go-user mailing list [email protected] http://lists.x2go.org/listinfo/x2go-user
