https://bugs.kde.org/show_bug.cgi?id=364594

--- Comment #4 from Pascal d'Hermilly <pas...@dhermilly.dk> ---
GPG is great, but it's not a replacement for HTTPS.
If neon.kde.org got hacked then one would change both the link to the ISO and
the signing key (which the 1% use). Possibly you would only serve these files
to the visitors that you are interested in (definitely not people with a kde
login).
In the end, the authoritativeness of the torrent file is just as good because
it really depends on what neon.kde.org tells the visitor.

Here is documentation for how to verify the ISO (it's quite long):
http://www.howtogeek.com/246332/how-to-verify-a-downloaded-linux-iso-file-wasnt-tampered-with/
