Re: [Gimp-developer] GPG signing of GIMP downloads

From: Jehan Pagès <jehan marmottard gmail com>
To: vbzfua tutamail com
Cc: gimp-developer <gimp-developer-list gnome org>
Subject: Re: [Gimp-developer] GPG signing of GIMP downloads
Date: Tue, 6 Jun 2017 16:19:14 +0200

Hi,

On Sun, Jun 4, 2017 at 8:33 AM,  <vbzfua tutamail com> wrote:

Please consider taking the following actions to protect the integrity of the GIMP.org binary software 
distributions.


We indeed don't sign our tarball at this point, though we have
checksums (but only MD5, I see; would be good if we used better hash
functions. It would be indeed a good idea to sign as well.

This said, our flatpak repository/packages will be fully signed with GPG.

Jehan

Creating a GIMP software signing GPG key.Publishing and mirroring the above pub key and fingerprint.Signing 
the GIMP binary distributions with the above key.Publishing and mirroring the resulting .asc signatures.
-eom
_______________________________________________
gimp-developer-list mailing list
List address:    gimp-developer-list gnome org
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list




-- 
ZeMarmot open animation film
http://film.zemarmot.net
Patreon: https://patreon.com/zemarmot
Tipeee: https://www.tipeee.com/zemarmot

References:
- [Gimp-developer] GPG signing of GIMP downloads
  - From: vbzfua

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]