[Owncloud] Suggestions to improve release announcements
Frank Karlitschek
frank at owncloud.org
Sat Oct 5 10:26:41 UTC 2013
Hi,
we will definitely look into that to provide this in the future.
For ownCloud 6 at the latest.
Frank
On 05.10.2013, at 00:49, Timothée Ravier <siosm99 at gmail.com> wrote:
> On 10/09/2013 23:56, Frank Karlitschek wrote:
>> Hi Tim,
>>
>> thats a great suggestion. I will check what we can do here to offer a
>> way to check the integrity of the tar files. I will get back to you
>> soon.
>>
>> Frank
>>
>> On 10.09.2013, at 21:44, Timothée Ravier <siosm99 at gmail.com> wrote:
>>> There is currently no easy way to check the validity of the
>>> Owncloud release tarballs available at owncloud.org.
>>>
>>> In order to increase safety/security of Owncloud releases, may I
>>> suggest you the following points:
>>>
>>> * add the md5sum and sha256sum of the source tarball to release
>>> emails;
>>>
>>> * sign those emails using PGP and make the public key available on
>>> keyservers and the Owncloud website;
>>>
>>> * add a detached PGP signature file instead of the current md5sum
>>> file (you could keep the md5sum one on the same line as the link on
>>> the web page, no need for an extra file).
>
> Any updates on this matter?
>
> Tim
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
More information about the Owncloud
mailing list