[Owncloud] Suggestions to improve release announcements
Frank Karlitschek
frank at owncloud.org
Tue Sep 10 21:56:07 UTC 2013
Hi Tim,
thats a great suggestion. I will check what we can do here to offer a way to check the integrity of the tar files. I will get back to you soon.
Frank
On 10.09.2013, at 21:44, Timothée Ravier <siosm99 at gmail.com> wrote:
> Hi,
>
> There is currently no easy way to check the validity of the Owncloud
> release tarballs available at owncloud.org.
>
> In order to increase safety/security of Owncloud releases, may I suggest
> you the following points:
>
> * add the md5sum and sha256sum of the source tarball to release emails;
>
> * sign those emails using PGP and make the public key available on
> keyservers and the Owncloud website;
>
> * add a detached PGP signature file instead of the current md5sum file
> (you could keep the md5sum one on the same line as the link on the
> web page, no need for an extra file).
>
> Thanks,
>
> Tim
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
More information about the Owncloud
mailing list