Re: [Gimp-developer] GPG signing of GIMP downloads


On Sun, Jun 4, 2017 at 8:33 AM,  <vbzfua tutamail com> wrote:
Please consider taking the following actions to protect the integrity of the binary software 

We indeed don't sign our tarball at this point, though we have
checksums (but only MD5, I see; would be good if we used better hash
functions. It would be indeed a good idea to sign as well.

This said, our flatpak repository/packages will be fully signed with GPG.


Creating a GIMP software signing GPG key.Publishing and mirroring the above pub key and fingerprint.Signing 
the GIMP binary distributions with the above key.Publishing and mirroring the resulting .asc signatures.
gimp-developer-list mailing list
List address:    gimp-developer-list gnome org
List membership:
List archives:

ZeMarmot open animation film

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]