Re: [dev] dl.suckless.org file integrity github project

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Markus Teich <markus.teich_AT_stusta.mhn.de>
Date: Wed, 23 Aug 2017 22:29:17 +0200

Mattias Andrée wrote:
> If the server's authenticity can be proven with HTTPS,
> what additional secure does PGP-signatures provide?

Some people trust persons they know more than they trust random corporations
with questionable security policies. Other people think PGP sucks. I don't know
which group has the majority in the suckless community, thus I asked for a
gentle vote by flamewar.

I count myself to the PGP proponents, but have to admit, that I might be too
lazy to check the PGP signatures myself.

--Markus
Received on Wed Aug 23 2017 - 22:29:17 CEST

This archive was generated by hypermail 2.3.0 : Wed Aug 23 2017 - 22:36:20 CEST