ANNOUNCE: xfce4-terminal 0.8.2 released
archlinux at nicohood.de
Sun Jan 1 18:59:06 CET 2017
On 01/01/2017 05:50 PM, Andrzej wrote:
> On 30/12/16 21:49, NicoHood wrote:
>> On 12/30/2016 03:52 PM, Igor wrote:
>>> xfce4-terminal 0.8.2 is now available for download from
>> can you please also upload a GPG signature of your sources?
>> Https download mirrors would also be of high importance, otherwise there
>> is not a single authentication for the downloads.
> There is no plan of supporting signatures other than md5, sha1 and
> sha256 (links above). The release system produces them in these three
> formats only and changing it has a negative priority (that is, while it
> works, we are better off not touching it).
> Xfce mailing list
> Xfce at xfce.org
I am sorry but those are message digest and no signatures. And since
they are downloaded via http they proof nothing. It is a high risk for
our users that we need to download the xfce sources over an insecure
channel and cannot verify their authenticity.
Please fix this serious security issue.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Xfce