On Mon, Sep 8, 2014 at 11:12 AM, Anthony J. Bentley wrote:
> Sushain Cherivirala writes:
>> GlobalSign offers free SSL certificates
>
> I would be much more interested in having the Apertium release tarballs
> cryptographically signed with a tool like signify or GPG.

The two are not mutually exclusive; I think both SSL certs for the website
and signed tarballs are important and both should be done. Lobbying
SourceForge to enable SSL would be useful too.

I'm not sure what signify is, but OpenPGP/GPG is very commonly used by
software projects to sign their tarballs and VCS commits and tags. The
Debian project uses it to secure all uploads and downloads and has some
support for checking the signatures of upstream tarballs.

BTW, here are some best practices for using OpenPGP:

https://help.riseup.net/security/message-security/openpgp/best-practices

-- 
bye,
pabs

http://bonedaddy.net/pabs3/

_______________________________________________
Apertium-stuff mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/apertium-stuff
