Re: [dev] dl.suckless.org file integrity github project

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Menche <menche_mt_AT_yahoo.com>
Date: Thu, 24 Aug 2017 23:56:37 -0700

On Wed, 23 Aug 2017 22:03:41 +0200
Markus Teich <markus.teich_AT_stusta.mhn.de> wrote:

> Heyho,
>
> I don't see the benefit of checksums without signatures. We already
> kind of have transmission integrity by IP for release downloads or by
> git. We really need https, but PGP is probably controversial enough
> to be discussed. Maybe we have some time for that at the hackathon,
> but that would exclude people who cannot attend.
>
> Thus, start flaming your highly valued opinions about PGP-signing
> releases to the list nao! ;P
>
> --Markus
>

What about OpenBSD's signify tool? The Ed25519 public keys it uses are
very small and easily shared. It has been ported to the other
BSDs and to Linux.
Received on Fri Aug 25 2017 - 08:56:37 CEST

This archive was generated by hypermail 2.3.0 : Fri Aug 25 2017 - 09:00:20 CEST