From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
don't know if this is of any help to anyone except maybe past me, but i had a hard time finding the correct Public Key to verify the current Krita AppImage: So what finally worked was gpg --import this Public Key here https://files.kde.org/krita/dmitry_kazakov.gpg and gpg --verify krita-5.2.9-x86_64.AppImage.sig then gpg says Good signature (fingerprint: E9FB 29E7 4ADE ACC5 E303 5B8A B69E B4CF 7468 332F). Anyway (>' v ')> here is a drawing i made using my laptops wonky touchpad.
KOOL
if you're worried about the integrity of the sources you're installing from why are you using app images? Use a repo, or flathub
*KOOL
fliptop box
korrected
Kongratulations
Ceep up the good work oops.
:grimace:
compile it yourself I guess
Why would you sign it?
Ah i meant i downloaded the signature from download.kde.org/stable/krita/5.2.9/, just wanted to make sure that the Krita AppImage i had was legitimate
Look at the properties of the file in dolphin. It will show you various file ~~signatures~~ checksums.
sorry, i think my post might be a little misleading everything is fine with the AppImage and the Detached signature (downloaded from krita.org) always has been as far as i know, i only verified the AppImage for 'fun'. The only hiccup i had was that the webpage was unclear on where to find the PGP Public key, that you use to verify the signature. of course doing this is not necessary since i downloaded the AppImage from the official webpage over a secure connection.
Where did you download krita from?
The official website?
Do they not provide an md5sum? I've never seen anyone check an app's integrity issuing public keys
i couldn't find the md5sum s for the current version, i saw they do provide some for older versions https://download.kde.org/Attic/krita/5.2.0/, but they do have GPG Signatures .sig files at https://download.kde.org/stable/krita/5.2.9/ for the current version
It's under details.
Awesome thanks, your right, can't believe i missed that, i guess details do matter