November 23, 2015
On Monday, 23 November 2015 at 04:37:18 UTC, Dicebot wrote:
> And how about GPG signing of releases which comes free and actually helps? :P

On linux, sure. That'd be a good idea. That doesn't help with the usage problems on the other platforms though and GPG is kind of useless without the website certificate to serve the files and public keys.
November 23, 2015
On 2015-11-22 22:45, Brad Anderson wrote:

> Apple isn't as important because I don't believe it does the Untrusted
> Developer warning for opening .dmg files nor does it do it for running
> command line applications.

It does for installers.

-- 
/Jacob Carlborg
November 23, 2015
On Monday, 23 November 2015 at 04:37:18 UTC, Dicebot wrote:
> And how about GPG signing of releases which comes free and actually helps? :P

When you hover over any of the download links on http://dlang.org/download.html, a corresponding .sig link will appear. Is this not what you're referring to?
November 23, 2015
On Sunday, 22 November 2015 at 21:45:06 UTC, Brad Anderson wrote:
> 1. SSL certificate for dlang.org (optionally getting an EV certificate would be a good way to advertise the Foundation in the address bar).

With https://letsencrypt.org/ launching very soon, it might not be necessary to pay for a SSL certificate.

BTW, Certum also offers very cheap (~$20 last I checked) personal Windows code-signing certificates for open source projects. The publisher will say "FirstName LastName, Open Source Developer", so probably not applicable to D.
November 23, 2015
On Monday, 23 November 2015 at 08:33:10 UTC, Vladimir Panteleev wrote:
> On Monday, 23 November 2015 at 04:37:18 UTC, Dicebot wrote:
>> And how about GPG signing of releases which comes free and actually helps? :P
>
> When you hover over any of the download links on http://dlang.org/download.html, a corresponding .sig link will appear. Is this not what you're referring to?

Whoa, this must be pretty new. Though subkey used seems to be almost 1 year old now.

sub   rsa4096/12BB1939 2015-02-27

That is very cool, though decision to put the mention of .sig into hover hint is weird :) I'll sign the key in that case, should start building some trust web.

November 28, 2015
On Monday, 23 November 2015 at 12:35:35 UTC, Dicebot wrote:
> Whoa, this must be pretty new. Though subkey used seems to be almost 1 year old now.
>
> sub   rsa4096/12BB1939 2015-02-27

Why should I renew the subkey w/o cause?
Then everybody would need to redownload my public keys.
In any case I'd be in favor if more people sign my key, though we could do that next time we meet in person ;).
November 28, 2015
On Saturday, 28 November 2015 at 04:27:51 UTC, Martin Nowak wrote:
> On Monday, 23 November 2015 at 12:35:35 UTC, Dicebot wrote:
>> Whoa, this must be pretty new. Though subkey used seems to be almost 1 year old now.
>>
>> sub   rsa4096/12BB1939 2015-02-27
>
> Why should I renew the subkey w/o cause?
> Then everybody would need to redownload my public keys.
> In any case I'd be in favor if more people sign my key, though we could do that next time we meet in person ;).

You shouldn't, sorry for confusion - it was simply line of thought "haven't noticed before, must be new - but key is relatively old, must be blind" :)
1 2
Next ›   Last »