Emil Ivov wrote:
We are not currently signing packages
Jitsi isn't just some wallpaper or fontset or game. It's a tool people rely on for secure communication. I want to use it, but I can't, because I can't find any evidence that the developers are willing to take responsibility for even the stable builds on jitsi.org. Since I use Debian stable, I have to wait until 2015 to use Jitsi, since that's when I'll get signatures for it.
Signing will take just a few seconds of your time. There's no reason not to do it.
gpg --export -a yourname
gpg -sba jitsi_2.2.4603.9615-1_i386.deb
If you don't want to sign all your different builds individually, then
sha256sum jitsi* > SHA256SUMS
gpg -sba SHA256SUMS
Yes, we still can't verify that the key is really yours. But signing your builds forces any attack to be far more prominent and risky. Please sign. Those of us who need this precaution will appreciate it.
FREE 3D MARINE AQUARIUM SCREENSAVER - Watch dolphins, sharks & orcas on your desktop!
Check it out at http://www.inbox.com/marineaquarium