https://bugs.kde.org/show_bug.cgi?id=364594
--- Comment #5 from Harald Sitter <sit...@kde.org> --- > In the end, the authoritativeness of the torrent file is just as good because > it really depends on what neon.kde.org tells the visitor. Clearly you need to read up more on how gpg verification works and what a web of trust is. Additionally, you could read my comment #3 and notice that I outline 3 checks necessary to establish authoritativeness, but the website you link to only describes 2 that put together only form a glorified checksum test. I shall repeat myself here. If you want https coverage, get in touch with the kde sysadmins to discuss how to get the entire mirror network to https. If you want a torrent, equally get in touch with kde sysadmins to figure out if they even wanted to host an original seed and ask them to figure how they want that to happen. If they do then we'll gladly accept code to produce and seed torrents. -- You are receiving this mail because: You are watching all bug changes.