Re: [dev] dl.suckless.org file integrity github project

From: Markus Teich <markus.teich_AT_stusta.mhn.de>
Date: Wed, 23 Aug 2017 22:03:41 +0200

Hiltjo Posthuma wrote:
> Checksums are available in each project directory, yesterday I've added
> SHA256 checksums.
>
> For example:
> SHA256: http://dl.suckless.org/dwm/sha256sums.txt
> SHA1: http://dl.suckless.org/dwm/sha1sums.txt
> MD5: http://dl.suckless.org/dwm/md5sums.txt
>
> HTTPs will be coming in a few weeks when some things are sorted. Maybe in the
> future we can add also add PGP signed releases.

Heyho,

I don't see the benefit of checksums without signatures. We already kind of have
transmission integrity by IP for release downloads or by git. We really need
https, but PGP is probably controversial enough to be discussed. Maybe we have
some time for that at the hackathon, but that would exclude people who cannot
attend.

Thus, start flaming your highly valued opinions about PGP-signing releases to
the list nao! ;P

--Markus
Received on Wed Aug 23 2017 - 22:03:41 CEST

This archive was generated by hypermail 2.3.0 : Wed Aug 23 2017 - 22:12:23 CEST