Am Wed, 31 Oct 2018 07:28:19 -0500 schrieb Nate Bargmann <n...@n0nb.us>:
> Hi Tom. > > One thing you might consider is adding an MD5SUM file and a SHA1SUM > file with those respective signatures in each. Optionally, you can > sign all the files with your GPG key as well. Doing so just provides > a bit of extra assurance that you're indeed to the source of the > files and that they've not been tampered with even though I think a > ham radio logger is a rather low attack vector, but... > > 73, Nate > Hi Nate, thanks for the hint. That is no bad idea. Please have a look at http://download.savannah.gnu.org/releases/tlf/ - you will already find what you asked for. After Rain handed over the savannah account to us I put all releases AND the detached GPG signature file there. (To be honest savannah requires me to do so.) What is still missing is to announce savannah as our main download source. In future releases I will no longer put the files on my personal account as before. If we should continue to provide it via github I am not sure. 73, de tom DL1JBE -- "Do what is needful!" Ursula LeGuin: Earthsea --
pgpH4hUqDLfEI.pgp
Description: Digitale Signatur von OpenPGP
_______________________________________________ Tlf-devel mailing list Tlf-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/tlf-devel
