Hi,

after the recent Mint ISO hack [1], I wonder how secure the Devuan
installer download scheme actually is. The Devuan installer download
page [2] uses plain unencrypted HTML [2]. It does supply sha256
checksums, but these are also provided via unencrypted HTML only. No
GPG signatures or anything that could provide an independent source for
evaluating authenticity.

Now if I downloaded Devuan from within China or Iran or Syria or any
company targeted by the NSA [3], how could I ensure that I still
received a non-tampered with .ISO file?

What about making the download page HTTPS-only (letsencrypt.org?)?

cheers,

David
[1] http://blog.linuxmint.com/?p=2994
[2] http://files.devuan.org/
[3] https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html
--
GnuPG public key:
http://dvdkhlng.users.sourceforge.net/dk2.gpg
Fingerprint: B63B 6AF2 4EEB F033 46F7 7F1D 935E 6F08 E457 205F
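
Added example, not part of David's message: a small Python check showing why a sha256 list fetched over the same unauthenticated channel as the image always matches whatever was delivered, while a list obtained through an authenticated channel catches the change. The file name, the image bytes and the `serve` stand-in for a plain-HTTP mirror are constructed for illustration.

```python
import hashlib
import hmac

def parse_sha256sums(text):
    """Parse `sha256sum` output lines ("<hex>  <name>") into {name: hex}."""
    sums = {}
    for line in text.splitlines():
        parts = line.split(maxsplit=1)
        if len(parts) == 2 and len(parts[0]) == 64:
            sums[parts[1].lstrip("*").strip()] = parts[0].lower()
    return sums

def verify(data, name, sums_text):
    """True if sha256(data) matches the entry for `name` in the checksum list."""
    expected = parse_sha256sums(sums_text).get(name)
    if expected is None:
        return False  # no entry for this file: treat as unverified
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)

def serve(iso_bytes, name):
    """Constructed stand-in for a plain-HTTP mirror: returns (file, checksum list).
    Whoever controls this channel controls both values."""
    return iso_bytes, f"{hashlib.sha256(iso_bytes).hexdigest()}  {name}\n"

NAME = "installer.iso"                          # hypothetical file name
GENUINE = b"constructed genuine image bytes"    # constructed sample data
MODIFIED = b"constructed modified image bytes"  # constructed sample data

# Assumption: this list reached the user over an authenticated channel
# (HTTPS, or a checksum file whose GPG signature was verified).
_, TRUSTED_SUMS = serve(GENUINE, NAME)

def check_download(iso, in_band_sums):
    """Return (result with in-band list, result with trusted list)."""
    return verify(iso, NAME, in_band_sums), verify(iso, NAME, TRUSTED_SUMS)

if __name__ == "__main__":
    print("genuine :", check_download(*serve(GENUINE, NAME)))
    print("modified:", check_download(*serve(MODIFIED, NAME)))
```

The in-band result is `True` for both downloads; only the comparison against the independently obtained list distinguishes them.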