Proposal: Implementing signing process for official tarballs (try #1)
Tom Albers
toma at kde.org
Sun May 30 12:04:23 CEST 2010
On Fri, 28 May 2010 23:32:58 +0200, Dirk Mueller <mueller at kde.org> wrote:
> I'm fine with providing a signature again, but fact is that nobody
> requested
> them again so far. Just providing the md5sums on the website was enough
so
> far
> - people are mostly concerned about incomplete/wrong downloads rather
than
> malicious attacks.
I'ld be in favor to reintroduce it again. Although I'm happy with a simple
setup. Signing with your personal key would be ok for me, provided we
mention that on the info page, which resides in svn.
Best,
--
Tom Albers
KDE Developer
More information about the release-team
mailing list