> On Jan 14, 2017, at 2:21 PM, shaclacroi <shaclac...@fastservice.com> wrote:
>
> The download page links to checksums at
> http://www.freedos.org/download/verify.txt -- but since this page isn't
> available over https, there's no way to confirm the validity of the
> checksums, since the page could be intercepted and modified by a
> man-in-the-middle attacker
> (https://en.wikipedia.org/wiki/Man-in-the-middle_attack).
>
> As free secure https certficates are now offered by Let's Encrypt
> (https://letsencrypt.org/), it may be advisable to get https set up for
> www.freedos.org.
>
> Alternatively, as I see your hosted on Amazon Web Services, if you're using
> Elastic Load Balancing or Amazon CloudFront, Amazon's Certificate Manager
> also offers free https certificates.
>
> Let me know if I can be of any help.
If you are still concerned that your download might have been compromised by a
MIM, you can get copies of the MD5 & SHA256 hash values or even the download
the entire release media from my server https://fd.lod.bz <https://fd.lod.bz/>
. At present, it contains a mirror of the FreeDOS releases and a FreeDOS
compatible software repository. The repo contains all the packages that shipped
with FreeDOS 1.0 through 1.2, the official repository and a couple other free
software packages that are not in the official repo.
Jerome
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user
