[Owncloud] Suggestions to improve release announcements

Frank Karlitschek frank at owncloud.org
Sat Oct 5 10:26:41 UTC 2013


we will definitely look into that to provide this in the future. 
For ownCloud 6 at the latest.


On 05.10.2013, at 00:49, Timothée Ravier <siosm99 at gmail.com> wrote:

> On 10/09/2013 23:56, Frank Karlitschek wrote:
>> Hi Tim,
>> thats a great suggestion. I will check what we can do here to offer a
>> way to check the integrity of the tar files. I will get back to you
>> soon.
>> Frank
>> On 10.09.2013, at 21:44, Timothée Ravier <siosm99 at gmail.com> wrote:
>>> There is currently no easy way to check the validity of the
>>> Owncloud release tarballs available at owncloud.org.
>>> In order to increase safety/security of Owncloud releases, may I
>>> suggest you the following points:
>>> * add the md5sum and sha256sum of the source tarball to release
>>> emails;
>>> * sign those emails using PGP and make the public key available on 
>>> keyservers and the Owncloud website;
>>> * add a detached PGP signature file instead of the current md5sum
>>> file (you could keep the md5sum one on the same line as the link on
>>> the web page, no need for an extra file).
> Any updates on this matter?
> Tim
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud

More information about the Owncloud mailing list