[X2Go-Dev] Bug#54: Missing signatures for downloads
glpk xypron
xypron.glpk at gmx.de
Fri Oct 26 14:00:52 CEST 2012
Package: x2goclient
Version: 3.99.2.1
Dear maintainer,
you offer downloads for the x2go client, e.g. on page
http://code.x2go.org/releases/binary-win32/x2goclient
Unfortunately you do not provide any possibility to verify if a downloaded file is authentic, or if during transfer a virus has been added.
Please, provide for each download a GPG signature and optionally SHA1 and MD5 hashs.
http://maven.apache.org/download.html
is a good examples except for the missing SHA1 hash. MD5 alone is not safe anymore.
Best regards
Heinrich Schuchardt
More information about the x2go-dev
mailing list