https://bugs.kde.org/show_bug.cgi?id=422123
--- Comment #2 from vbzfua <vbz...@tutamail.com> --- Yes, the Apple DeveloperID/certificate situation is a real problem for FOSS projects. Many macOS projects do use GPG signatures as there is well maintained and fairly mature GPG software available [1]. Some of the FOSS projects providing GPG signatures for their macOS binary archives are: Handbrake, Thunderbird, Firefox, VeraCrypt, VLC, osxfuse, LibreOffice. Would another option be to simply publish the sha256 of the binary archives separately from the downloads, perhaps at kid3.kde.org ? [1] https://gpgtools.org -- You are receiving this mail because: You are watching all bug changes.
