[X2Go-User] md5 and sha1 checks
Stefan Baur
X2Go-ML-1 at baur-itcs.de
Mon Apr 3 22:28:18 CEST 2017
Am 03.04.2017 um 22:10 schrieb Jeff Sadowski:
> I was wondering if the person building the binaries could put those (md5
> and sha1 sums) both on a page that is gpg signed?
> Then as I get to know the person building the binaries and if the key
> changes I can be suspicious of someone putting up another binary.
I'm not quite sure which binaries you are referring to.
The ones for macOS and Windows have *.asc files in the directory where
the *.dmg / *.exe files are available for download.
Linux packages are signed in a way that the package management system
automatically verifies the GPG signature.
And the pre-built X2Go-TCE-live images have *.asc-files as well.
So which files are lacking a GPG signature, in your opinion?
Kind Regards,
Stefan Baur
X2Go Project/Community Manager
--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xCDBE5119.asc
Type: application/pgp-keys
Size: 4647 bytes
Desc: not available
URL: <http://lists.x2go.org/pipermail/x2go-user/attachments/20170403/cda6d5b9/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.x2go.org/pipermail/x2go-user/attachments/20170403/cda6d5b9/attachment-0001.sig>
More information about the x2go-user
mailing list