On 27.01.2017 20:17, Marcus wrote:
And it is crucial that the hashes and signature files *not* be
mirrored. Having them only available at dist.apache.org is the secure
way to detect that the mirror-downloaded binary is authentic and
unaltered.
right, we as OpenOffice project we should make sure that we refer only
to our own files and servers. So, I hope that there is no faulty link.
;-)
This decision would also mean we never release on Mac or Windows shop!
I think this is a fatal decision.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org
