[Owncloud] ownCloud 6 beta2
Frank Karlitschek
frank at owncloud.org
Wed Nov 6 23:08:16 UTC 2013
On 05.11.2013, at 11:01, Andreas Schneider <asn at cryptomilk.org> wrote:
> On Tuesday 05 November 2013 08:12:37 Frank Karlitschek wrote:
>> On 05.11.2013, at 06:17, Andreas Schneider <asn at cryptomilk.org> wrote:
>>> On Tuesday 05 November 2013 10:03:23 Timothée Ravier wrote:
>>>> On Wed, Oct 30, 2013 at 12:48 PM, Frank Karlitschek
>>>
>>> <frank at owncloud.org>wrote:
>>>>> We also sign the downloads and releases from now on with an GPG key.
>>>>> The official ownCloud GPG key is attached to this email and will be
>>>>> linked
>>>>> on the website.
>>>>>
>>>>> http://download.owncloud.org/community/testing/owncloud-6.0.0beta2.tar.b
>>>>> z2
>>>>>
>>>>> http://download.owncloud.org/community/testing/owncloud-6.0.0beta2.tar.b
>>>>> z2
>>>>> .asc
>>>
>>> Frank,
>>>
>>> you need to sign the tar file not the zipped tar file ;)
>>
>> Perhaps I'm missing something but:
>> Why?
>
> It is much easier to find/produce collisions with compressed files.
>
> See e.g.
>
> http://cryptography.hyperlink.cz/2004/otherformats.html
>
> This is the reason why the the projects do a checksum on the tar file and not
> on the compressed file, see:
>
> https://www.kernel.org/signature.html
> https://www.samba.org/samba/download/
O.K. Thanks for the tip. I will look it.
Frank
>
>
> -- andreas
>
> --
> Andreas Schneider GPG-ID: CC014E3D
> www.cryptomilk.org asn at cryptomilk.org
More information about the Owncloud
mailing list