[Owncloud] Suggestions to improve release announcements
frank at owncloud.org
Sat Oct 5 10:26:41 UTC 2013
we will definitely look into that to provide this in the future.
For ownCloud 6 at the latest.
On 05.10.2013, at 00:49, Timothée Ravier <siosm99 at gmail.com> wrote:
> On 10/09/2013 23:56, Frank Karlitschek wrote:
>> Hi Tim,
>> thats a great suggestion. I will check what we can do here to offer a
>> way to check the integrity of the tar files. I will get back to you
>> On 10.09.2013, at 21:44, Timothée Ravier <siosm99 at gmail.com> wrote:
>>> There is currently no easy way to check the validity of the
>>> Owncloud release tarballs available at owncloud.org.
>>> In order to increase safety/security of Owncloud releases, may I
>>> suggest you the following points:
>>> * add the md5sum and sha256sum of the source tarball to release
>>> * sign those emails using PGP and make the public key available on
>>> keyservers and the Owncloud website;
>>> * add a detached PGP signature file instead of the current md5sum
>>> file (you could keep the md5sum one on the same line as the link on
>>> the web page, no need for an extra file).
> Any updates on this matter?
> Owncloud mailing list
> Owncloud at kde.org
More information about the Owncloud