José, this is a viable request, but supporting it may not be as easy as one thinsk and may not bring any real additional value.
The AppImage versions are generated by a CI/CD pipeline controlled by the KDE project. We developers don't have access to the generated file until it shows up on the net. Adding a checksum file does not bring any security benefit in my eyes, because if someone can exchange the generated AppImage version, this someone is also capable of replacing the checksum file. Just make sure to download from the KDE servers and not a source. The released source code tar balls on the other hand are in fact signed with a GPG key and the signature is available for verification on eg https://download.kde.org/stable/kmymoney/5.2.1/ I recently wrote a blog post about how this all works together. Maybe, you want to take a read at https://blog.bembel.net/2025/12/why-doesnt-kmymoney-provide-old-binary-versions/ Thomas On Sonntag, 28. Dezember 2025 11:33:18 CET José Pekkarinen via KMyMoney-devel wrote: > > Hi kmymoney developers, > > Thanks for the efforts in developing and maintaining this great > application. I was recently noticing the availability of the Appimage, > and since it would simplify my immutable system, I decided to give it > a go, and so far it seems to be doing great, however, I'd like to be > sure what I downloaded is exactly what you offer, and I fail to find > sums or signatures I can check. Would it be possible to publish those > from your end in the near future? > > Thanks! > > -- > José Pekkarinen > > -- Regards Thomas Baumgart ------------------------------------------------------------- Teamwork is the secret that makes common people achieve uncommon results. -------------------------------------------------------------
signature.asc
Description: This is a digitally signed message part.
