Proposal: Implementing signing process for official tarballs (try #1)
toma at kde.org
Sun May 30 12:04:23 CEST 2010
On Fri, 28 May 2010 23:32:58 +0200, Dirk Mueller <mueller at kde.org> wrote:
> I'm fine with providing a signature again, but fact is that nobody
> them again so far. Just providing the md5sums on the website was enough
> - people are mostly concerned about incomplete/wrong downloads rather
> malicious attacks.
I'ld be in favor to reintroduce it again. Although I'm happy with a simple
setup. Signing with your personal key would be ok for me, provided we
mention that on the info page, which resides in svn.
More information about the release-team