Hiltjo Posthuma wrote: > Checksums are available in each project directory, yesterday I've added > SHA256 checksums. > > For example: > SHA256: http://dl.suckless.org/dwm/sha256sums.txt > SHA1: http://dl.suckless.org/dwm/sha1sums.txt > MD5: http://dl.suckless.org/dwm/md5sums.txt > > HTTPs will be coming in a few weeks when some things are sorted. Maybe in the > future we can add also add PGP signed releases.
Heyho, I don't see the benefit of checksums without signatures. We already kind of have transmission integrity by IP for release downloads or by git. We really need https, but PGP is probably controversial enough to be discussed. Maybe we have some time for that at the hackathon, but that would exclude people who cannot attend. Thus, start flaming your highly valued opinions about PGP-signing releases to the list nao! ;P --Markus
