[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-release-team
Subject:    Re: kde sources not signed any more?
From:       Thomas Zeitlhofer <thomas.zeitlhofer () nt ! tuwien ! ac ! at>
Date:       2008-04-17 22:27:54
Message-ID: 20080417222753.GA27565 () swan ! nt ! tuwien ! ac ! at
[Download RAW message or body]

Hello Dirk,

On Thu, Apr 17, 2008 at 12:03:28PM +0200, Dirk Mueller wrote:
> On Sunday 09 March 2008, Sebastian Kuegler wrote:
> 
> > As I'm not familiar with the process of creating and signing tarballs, I'm
> > CC:ing your question to the release team mailinglist.
> 
> just for time reasons, and it wasn't that much requested so far. the way to 
> verify the download is by comparing the md5sum with the information listed on 
> http://www.kde.org/info/<version number>.php

in contrast to PGP signatures, the authenticity of this page cannot be
verified (also no ssl certificate). So this does not allow to "really"
verify the sources.

Therefore, it would be nice if the sources could be signed again (as it
was the case up to version 3.5.7).

Regards,

Thomas
_______________________________________________
release-team mailing list
release-team@kde.org
https://mail.kde.org/mailman/listinfo/release-team
[prev in list] [next in list] [prev in thread] [next in thread]