[Owncloud] Suggestions to improve release announcements
frank at owncloud.org
Tue Sep 10 21:56:07 UTC 2013
thats a great suggestion. I will check what we can do here to offer a way to check the integrity of the tar files. I will get back to you soon.
On 10.09.2013, at 21:44, Timothée Ravier <siosm99 at gmail.com> wrote:
> There is currently no easy way to check the validity of the Owncloud
> release tarballs available at owncloud.org.
> In order to increase safety/security of Owncloud releases, may I suggest
> you the following points:
> * add the md5sum and sha256sum of the source tarball to release emails;
> * sign those emails using PGP and make the public key available on
> keyservers and the Owncloud website;
> * add a detached PGP signature file instead of the current md5sum file
> (you could keep the md5sum one on the same line as the link on the
> web page, no need for an extra file).
> Owncloud mailing list
> Owncloud at kde.org
More information about the Owncloud