[Commotion-dev] Commotion download security
Benjamin Chodoroff
ben at theworkdept.com
Wed Oct 24 15:53:20 UTC 2012
On Wed 24 Oct 2012 11:45:49 AM EDT, Josh King wrote:
> We can't really force anyone to do either one. I think we should
> provide both, so that someone who doesn't have gnupg setup will still
> be able to verify that they have an uncorrupted download.
a recommendation for the release task list: publish checksums and sigs
in more than one place, and link to these other sources in release
announcements+download page - if someone can modify the tarball, they
can probably also modify the checksum on the website :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 551 bytes
Desc: OpenPGP digital signature
URL: <http://lists.chambana.net/pipermail/commotion-dev/attachments/20121024/a27a7eab/attachment-0001.sig>
More information about the Commotion-dev
mailing list