https://bugs.kde.org/show_bug.cgi?id=364594

--- Comment #5 from Harald Sitter <sit...@kde.org> ---
> In the end, the authoritativeness of the torrent file is just as good because 
> it really depends on what neon.kde.org tells the visitor.

Clearly you need to read up more on how gpg verification works and what a web
of trust is. Additionally, you could read my comment #3 and notice that I
outline 3 checks necessary to establish authoritativeness,  but the website you
link to only describes 2 that put together only form a glorified checksum test.

I shall repeat myself here. If you want https coverage, get in touch with the
kde sysadmins to discuss how to get the entire mirror network to https.
If you want a torrent, equally get in touch with kde sysadmins to figure out if
they even wanted to host an original seed and ask them to figure how they want
that to happen. If they do then we'll gladly accept code to produce and seed
torrents.

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to