The recoll Windows installers are unsigned. Also the releases don't have any checksums or signature. Ideally they should be signed using a key that's kept offline to assure integrity from hacking attempts.
Discussion
-
medoc
2017-12-01The release files are signed and checksummed, but the instructions to get the signature were lost at some point. I'm going to restore them on the download page. In practise, just add .asc or .sha256 to the download link, e.g. https://www.lesbonscomptes.com/recoll/recoll-1.23.5.tar.gz.asc
is the detached gpg signature for the tar file.About the installer, do you mean the same kind of thing (a detached pgp signature), or more something like this:
https://stackoverflow.com/questions/26861788/digital-signature-inno-setup
?
-
medoc
2017-12-10Ok. so they are signed actually.
-
medoc
2017-12-10- status: open --> closed
- milestone: -->