[Owncloud] Suggestions to improve release announcements
Timothée Ravier
siosm99 at gmail.com
Fri Oct 4 22:49:18 UTC 2013
On 10/09/2013 23:56, Frank Karlitschek wrote:
> Hi Tim,
>
> that's a great suggestion. I will check what we can do here to offer a
> way to check the integrity of the tar files. I will get back to you
> soon.
>
> Frank
>
> On 10.09.2013, at 21:44, Timothée Ravier <siosm99 at gmail.com> wrote:
>> There is currently no easy way to check the validity of the
>> Owncloud release tarballs available at owncloud.org.
>>
>> In order to increase safety/security of Owncloud releases, may I
>> suggest the following points:
>>
>> * add the md5sum and sha256sum of the source tarball to release
>> emails;
>>
>> * sign those emails using PGP and make the public key available on
>> keyservers and the Owncloud website;
>>
>> * add a detached PGP signature file instead of the current md5sum
>> file (you could keep the md5sum one on the same line as the link on
>> the web page, no need for an extra file).

Any updates on this matter?

Tim