hi folks--

Thank you very much for your work on roundcube, and for your transition From svn to git. very nice!

I note that tag v0.8.2 isn't signed by any OpenPGP key. If you could sign the release tags with a well-known OpenPGP key, that would be great. In particular, it would make it possible for people to verify that what they're fetching from git is actually the data intended by the developers.

I'd be happy to help you tag signing sorted out, if you're not used doing this with OpenPGP (i don't see any @roundcube.net user IDs on the public keyservers yet).

What do you think?

Regards,

    --dkg