On 7/1/16, Ross Berteig <[email protected]> wrote:
> On 7/1/2016 10:11 AM, Lonnie Abelbeck wrote:
>> It seems the Checksums are on a different site from the downloads,
>> raising the bar for mischief. BTW including 1.35 now.
>> http://www.hwaci.com/fossil_download_checksums.html
>
> FYI, Hwaci is D. R. Hipp's company that owns the assigned copyrights to
> all work on fossil. Quoting that page, "Hipp, Wyrick & Company, Inc., or
> "Hwaci" for short, is a small North Carolina company providing knowledge
> services to clients around the world since 1992."
>
> That site is as official as fossil-scm.org.

It's the same IP address as www3.fossil-scm.org.  More importantly, it
is on a separate server, in a separate datacenter, owned by a
different company (Hurricane Electric vs. Linode) and in a different
state (CA vs TX), from the canonical www.fossil-scm.org server.  The
idea is that a hack of both servers seems unlikely.

FWIW, the checksums were added years ago by request from users on this
mailing list.

-- 
D. Richard Hipp
[email protected]
_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
