Corrupted uploads I had not considered, good one. Maybe our VOTE template in the release plugin could generate a script users can run to download and verify each checksums. We already generate a list of files and their checksum.
Gary On Mon, Jul 13, 2020, 01:43 Stefan Bodewig <[email protected]> wrote: > On 2020-07-12, Rob Tompkins wrote: > > > given the consistency of the signatures from the plugins…do we need to > > check them for releases anymore? > > Yes, please. Not everybody uses the plugins and even if everybody did a > misconfiguration could be pulling in the wrong key or a key not > available from the expected download location. > > Stefan > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
