Provide OpenPGP release signing key

Releases on GitHub (e.g. Releases · nextcloud/desktop · GitHub) offer signature files, but there is no mention of where to find the signing key.

It would be nice to mention this important information. Also the public key 28806A878AE423A28372792ED75899B9A724937A used for signing the releases is not verified on

After some searching I found which offers the public key. But to take friction out of the process of finding that important information both suggestions above should be fairly easy to do and simplify the process for users.

Ok, at least you can find it. For the repository, it would be best to have it in the release section but I don’t know if that is possible. It would be the best to raise this issue there:

Can do, but could you elaborate how you think this is an issue for nextcloud desktop client as it affects all releases on GitHub (server, iOS, Android, desktop, …).

the mobile clients are often downloaded through an app store, so you can’t easily verify yourself.

But it would apply as well for the server repository. For the Nextcloud apps, it should be done through the Nextcloud itself (I suppose). Or start in the server repo, and then they can check out, where it might apply as well. In the end, it could be added everywhere since it would apply for developers.

I am just an enduser trying to verify what I am installing. Any chance at least the public key could be uploaded to It is still not present and upload and verification should be trivial.

Public key still not on so far :frowning:

Yes there is:

and a pull request for the homepage:

Thanks for taking action in regards to this problem. Can you share the email address used in that key?

I think, the email address has not yet been verified on and without that the public key is not usable. Can you please double check?

I haven’t uploaded it, I don’t know that. I just could get the key manually with the command that was in the pull request.