Boost logo

Boost :

Subject: Re: [boost] Providing means to verify integrity and authenticity for releases
From: Rene Rivera (grafikrobot_at_[hidden])
Date: 2016-03-14 09:21:49

On Mon, Mar 14, 2016 at 5:10 AM, Daniel Hofmann <daniel_at_[hidden]> wrote:

> Can we please change this situation?

All changes in Boost start with volunteers providing solutions.

Here are some options that come to mind ordered by amount of effort:
> - Providing checksums

Right. Although I doubt most people use checksums.

> - Educating users on the Downloads page

The only education I can think of is step by step instructions on doing
checksum verification. Is that what you mean? Can you clarify?

> - Signing releases with a trusted Release Team key

OK. Can you provide instructions on doing this securely?

- Changing the hosting platform

Do you have suggestions for providers?

-- Rene Rivera
-- Grafik - Don't Assume Anything
-- Robot Dreams -
-- rrivera/ (msn) - grafikrobot/aim,yahoo,skype,efnet,gmail

Boost list run by bdawes at, gregod at, cpdaniel at, john at