https://bugs.kde.org/show_bug.cgi?id=451486
--- Comment #12 from Ben Cooksley <bcooks...@kde.org> --- Correct, the ultimate chain of trust is verified by the GPG signature. You should be able to retrieve the public key from the appropriate public keyserver. The hash sums verify the integrity of the download is the same as the file on the master server. -- You are receiving this mail because: You are watching all bug changes.
