A plea for signed tarballs

I would like to request that source tarballs of stable GNOME
distributions be signed, or, that a signed MD5SUMS file exist in an
obvious location, which of course contains md5s of the tarballs.

This will lend authenticity and assuredness of consistency to stuff
downloaded from the project.

IMHO, non-signed distribution files should start to be a thing of the
past ASAP, especially for such large projects which would be difficult
for an individual to review prior to compiling and installing.

Any comments?  Any possibility of this happening?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]