Siduction Forum

Siduction Forum => Ideas & Improvements => Topic started by: dmoerner on 2017/01/08, 14:33:07

Title: Please sign sha256sums with a Siduction GPG Key
Post by: dmoerner on 2017/01/08, 14:33:07
Hi,


I would much prefer if siduction distributed GPG signatures for the sha256sums of its releases. This provides a further step in verifying the legitimacy of the downloaded ISOs.
Title: Re: Please sign sha256sums with a Siduction GPG Key
Post by: unklarer on 2017/01/08, 22:32:22
ftp://ftp.spline.de/pub/siduction/iso/patience/xorg/amd64_2016-12-23_23-10/ (ftp://ftp.spline.de/pub/siduction/iso/patience/xorg/amd64_2016-12-23_23-10/)

They have it all   ;)
Title: Re: Please sign sha256sums with a Siduction GPG Key
Post by: dmoerner on 2017/01/08, 23:55:57
Unless I'm being very dense, I see no signatures on any of those files. (I also can't quote your post, for some strange reason. Running Chrome 55.0.2883.87.)
Title: Re: Please sign sha256sums with a Siduction GPG Key
Post by: musca on 2017/01/09, 00:51:21
Hello dmoerner,
your request is perfectly valid.

It's a strange world out there where noone can  trust internet providers nor security agencies.

I opened a new feature request: https://bugs.siduction.org/issues/1914

greetings
musca
Title: Re: Please sign sha256sums with a Siduction GPG Key
Post by: dmoerner on 2017/01/09, 01:16:57
Great, thank you!