On 2017-08-23 7:04 pm, Aaron Toponce wrote:
> I noticed most software available on http://dl.suckless.org does not
> provide
> checksums and digital signatures for the compressed tarballs, and other
> files.
> I sought to remedy this, by creating a Github repository of only
> checksums and
> digital signatures. It's available at:
>
> https://github.com/atoponce/dl.suckless.org
>
> Ultimately, it would be best if these were hosted on dl.suckless.org
> directly,
> but I figured I could help by hosting them here until they can get
> deployed.
> This is to help ensure that you have downloaded all the correct bits
> for both
> the software and the checksum.
>
> Hopefully, this is of some value to the community and suckless users,
> such as
> myself.
I couldn't decide what subthread to add it to, so I'll put it on the
root.
As a side note, has anyone seen what OpenBSD did to handle and secure
their project?
I'll leave it here:
https://www.openbsd.org/papers/bsdcan-signify.html
--
- fao_
PGP fingerprint: 739B 6C5C 3DE1 33FA
"Too enough is always not much!"
Received on Thu Aug 31 2017 - 03:54:40 CEST