[prev in list] [next in list] [prev in thread] [next in thread]
List: owncloud
Subject: Re: [Owncloud] ownCloud 6 beta2
From: Frank Karlitschek <frank () owncloud ! org>
Date: 2013-11-06 23:08:16
Message-ID: 890DB511-50C1-4E90-976D-A56E5D720EE3 () owncloud ! org
[Download RAW message or body]
On 05.11.2013, at 11:01, Andreas Schneider <asn@cryptomilk.org> wrote:
> On Tuesday 05 November 2013 08:12:37 Frank Karlitschek wrote:
>> On 05.11.2013, at 06:17, Andreas Schneider <asn@cryptomilk.org> wrote:
>>> On Tuesday 05 November 2013 10:03:23 Timoth=E9e Ravier wrote:
>>>> On Wed, Oct 30, 2013 at 12:48 PM, Frank Karlitschek
>>> =
>>> <frank@owncloud.org>wrote:
>>>>> We also sign the downloads and releases from now on with an GPG key.
>>>>> The official ownCloud GPG key is attached to this email and will be
>>>>> linked
>>>>> on the website.
>>>>> =
>>>>> http://download.owncloud.org/community/testing/owncloud-6.0.0beta2.ta=
r.b
>>>>> z2
>>>>> =
>>>>> http://download.owncloud.org/community/testing/owncloud-6.0.0beta2.ta=
r.b
>>>>> z2
>>>>> .asc
>>> =
>>> Frank,
>>> =
>>> you need to sign the tar file not the zipped tar file ;)
>> =
>> Perhaps I'm missing something but:
>> Why?
> =
> It is much easier to find/produce collisions with compressed files.
> =
> See e.g.
> =
> http://cryptography.hyperlink.cz/2004/otherformats.html
> =
> This is the reason why the the projects do a checksum on the tar file and=
not =
> on the compressed file, see:
> =
> https://www.kernel.org/signature.html
> https://www.samba.org/samba/download/
O.K. Thanks for the tip. I will look it.
Frank
> =
> =
> -- andreas
> =
> -- =
> Andreas Schneider GPG-ID: CC014E3D
> www.cryptomilk.org asn@cryptomilk.org
_______________________________________________
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic