[poppler] verify of released packages?
Thomas Jarosch
thomas.jarosch at intra2net.com
Sat Aug 18 13:41:38 UTC 2018
Hello Albert,
is there any way to verify the integrity of poppler source releases?
I didn't spot a GPG signature for the tarball
or a simple SHA256 / MD5 checksum.
If a gpg signature is too much effort, it would already help if there's
an official sha256sum in the release announcement on the mailinglist.
(https://lists.freedesktop.org/archives/poppler/2018-July/013275.html)
That would help to verify the download server has not been tampered with.
Thanks in advance!
Thomas Jarosch
More information about the poppler
mailing list