> downloads.asterisk.org is an https site, so certificate auth and all > that should be verifiable.
Currently, Asterisk retrieves its external stuff not via HTTPs but HTTP. One approach would be to change all links to HTTPs within the Asterisk source. However, that is problematic for example in FreeBSD which comes without trust anchors. Furthermore, that approach does not use certificate pinning. Therefore, one alternative is to move the hashes into the Asterisk tarball. This gives at least the same security as certificate pining but does not increase the burden in the local configuration. Actually, this gives bullet proof downloads. The user only has to double-check the signature of the initial download, the download of the Asterisk tarball. Everything else chains up to that. The code is quite the same, just the location of the hashes move. -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev