On Tue, Dec 20, 2011 at 5:46 AM, Vincent Hoffman <vince_at_unsane.co.uk> wrote: > On 20/12/2011 10:39, Daniel Kalchev wrote: >> >> >> On 20.12.11 11:42, Garrett Cooper wrote: >>> As long as I have reliable checksums that match the what the upstream >>> source says is the real thing, it doesn't practically matter where I >>> get my images from. >> >> Relying on checksums that are published on the same web site where you >> download the files from and given that most of these sites do not even >> use SSL.... so much about 'security'. >> > This does remind me of one issue that while a little off topic for this > thread.... > If i wanted to get, for example the SHA265 checksums from a verified > source, how would i verify this currently? There doesnt seem to be an > SSL site for www.freebsd.org and its not too hard to redirect someone to > a fake website. > What would be a more reasonable list to request this on? And so the masses go off on a quest to answer how to obtain releases instead of staying focused on the original problem at hand.. -GarrettReceived on Tue Dec 20 2011 - 15:29:04 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:22 UTC