Cryptographically signed releases
Marc Lehmann
schmorp at schmorp.de
Fri Jan 3 20:51:44 CET 2014
On Fri, Jan 03, 2014 at 04:35:46PM +0100, Mariska Koch <omgoch at gmail.com> wrote:
> Can you distribute your source code (the tar.gz files) via for example
> https
What would the point of https be?
> and provide cryptographic signatures for the releases such that users
> can know that they got the software from you as and not from Mallory?
And that somehow makes it trustworthy? And how would users know that from
a signature anyway? Who would be the trust broker for the signature?
I am not convinced the added value is actually worth the effort.
--
The choice of a Deliantra, the free code+content MORPG
-----==- _GNU_ http://www.deliantra.net
----==-- _ generation
---==---(_)__ __ ____ __ Marc Lehmann
--==---/ / _ \/ // /\ \/ / schmorp at schmorp.de
-=====/_/_//_/\_,_/ /_/\_\
More information about the rxvt-unicode
mailing list