From kde-release-team  Thu Apr 17 22:27:54 2008
From: Thomas Zeitlhofer <thomas.zeitlhofer () nt ! tuwien ! ac ! at>
Date: Thu, 17 Apr 2008 22:27:54 +0000
To: kde-release-team
Subject: Re: kde sources not signed any more?
Message-Id: <20080417222753.GA27565 () swan ! nt ! tuwien ! ac ! at>
X-MARC-Message: https://marc.info/?l=kde-release-team&m=120877106031555

Hello Dirk,

On Thu, Apr 17, 2008 at 12:03:28PM +0200, Dirk Mueller wrote:
> On Sunday 09 March 2008, Sebastian Kuegler wrote:
> 
> > As I'm not familiar with the process of creating and signing tarballs, I'm
> > CC:ing your question to the release team mailinglist.
> 
> just for time reasons, and it wasn't that much requested so far. the way to 
> verify the download is by comparing the md5sum with the information listed on 
> http://www.kde.org/info/<version number>.php

in contrast to PGP signatures, the authenticity of this page cannot be
verified (also no ssl certificate). So this does not allow to "really"
verify the sources.

Therefore, it would be nice if the sources could be signed again (as it
was the case up to version 3.5.7).

Regards,

Thomas
_______________________________________________
release-team mailing list
release-team@kde.org
https://mail.kde.org/mailman/listinfo/release-team