[Owncloud] Suggestions to improve release announcements

Timothée Ravier siosm99 at gmail.com
Fri Oct 4 22:49:18 UTC 2013

On 10/09/2013 23:56, Frank Karlitschek wrote:
> Hi Tim,
> thats a great suggestion. I will check what we can do here to offer a
> way to check the integrity of the tar files. I will get back to you
> soon.
> Frank
> On 10.09.2013, at 21:44, Timothée Ravier <siosm99 at gmail.com> wrote:
>> There is currently no easy way to check the validity of the
>> Owncloud release tarballs available at owncloud.org.
>> In order to increase safety/security of Owncloud releases, may I
>> suggest you the following points:
>> * add the md5sum and sha256sum of the source tarball to release
>> emails;
>> * sign those emails using PGP and make the public key available on 
>> keyservers and the Owncloud website;
>> * add a detached PGP signature file instead of the current md5sum
>> file (you could keep the md5sum one on the same line as the link on
>> the web page, no need for an extra file).

Any updates on this matter?


More information about the Owncloud mailing list