From kde-release-team Thu Apr 17 22:27:54 2008 From: Thomas Zeitlhofer Date: Thu, 17 Apr 2008 22:27:54 +0000 To: kde-release-team Subject: Re: kde sources not signed any more? Message-Id: <20080417222753.GA27565 () swan ! nt ! tuwien ! ac ! at> X-MARC-Message: https://marc.info/?l=kde-release-team&m=120877106031555 Hello Dirk, On Thu, Apr 17, 2008 at 12:03:28PM +0200, Dirk Mueller wrote: > On Sunday 09 March 2008, Sebastian Kuegler wrote: > > > As I'm not familiar with the process of creating and signing tarballs, I'm > > CC:ing your question to the release team mailinglist. > > just for time reasons, and it wasn't that much requested so far. the way to > verify the download is by comparing the md5sum with the information listed on > http://www.kde.org/info/.php in contrast to PGP signatures, the authenticity of this page cannot be verified (also no ssl certificate). So this does not allow to "really" verify the sources. Therefore, it would be nice if the sources could be signed again (as it was the case up to version 3.5.7). Regards, Thomas _______________________________________________ release-team mailing list release-team@kde.org https://mail.kde.org/mailman/listinfo/release-team