On 20/12/2011 10:39, Daniel Kalchev wrote: > > > On 20.12.11 11:42, Garrett Cooper wrote: >> As long as I have reliable checksums that match the what the upstream >> source says is the real thing, it doesn't practically matter where I >> get my images from. > > Relying on checksums that are published on the same web site where you > download the files from and given that most of these sites do not even > use SSL.... so much about 'security'. > This does remind me of one issue that while a little off topic for this thread.... If i wanted to get, for example the SHA265 checksums from a verified source, how would i verify this currently? There doesnt seem to be an SSL site for www.freebsd.org and its not too hard to redirect someone to a fake website. What would be a more reasonable list to request this on? Vince > Daniel > _______________________________________________ > freebsd-current_at_freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to > "freebsd-current-unsubscribe_at_freebsd.org"Received on Tue Dec 20 2011 - 12:46:05 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:22 UTC