Hi, There is currently no easy way to check the validity of the Owncloud release tarballs available at owncloud.org.
In order to increase safety/security of Owncloud releases, may I suggest you the following points: * add the md5sum and sha256sum of the source tarball to release emails; * sign those emails using PGP and make the public key available on keyservers and the Owncloud website; * add a detached PGP signature file instead of the current md5sum file (you could keep the md5sum one on the same line as the link on the web page, no need for an extra file). Thanks, Tim _______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
