Am 27.01.2017 um 20:23 schrieb Peter Kovacs:
On 27.01.2017 20:17, Marcus wrote:
And it is crucial that the hashes and signature files *not* be
mirrored.  Having them only available at dist.apache.org is the secure
way to detect that the mirror-downloaded binary is authentic and
unaltered.

right, we as OpenOffice project we should make sure that we refer only
to our own files and servers. So, I hope that there is no faulty link.
;-)
This decision would also mean we never release on Mac or Windows shop!
I think this is a fatal decision.

as long as we have no idea who should do this work, it's not really relevant to think now about this. ;-)

Marcus


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org

Reply via email to