On 06 Jan, 2013, at 00:20, Stijn De Weirdt wrote:
> eg hashes are fine, but how are we going to distribute the hashes in a secure 
> way? use PKI and trust the golden sites?

2 possible ways to offer:

* Ship hashes along with easybuild (eg. zsync signatures would be lightweight), on github. (eg. ./contrib)
* Use https or such, employing: http://www.terena.org/activities/tcs/participants.html

btw. the "golden sites" do not have to be too golden, as long as the correct hashes are provided via a trusted channel... we'd like this because it keeps the technology simple?

I'll hack something together as soon as time permits next week.

nice evening,

Fotis
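
The first option above (hashes shipped with the tool, downloads taken from sites that need not be trusted), sketched as an added example that is not part of the original message and is not EasyBuild code. The sha256sum-style manifest format, the function names and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac

class IntegrityError(Exception):
    """Raised when no download matches a hash from the trusted manifest."""

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex digest>  <filename>') into a dict."""
    manifest = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        digest = digest.lower()
        if len(digest) != 64 or set(digest) - set("0123456789abcdef"):
            raise ValueError("malformed digest for %r" % name)
        manifest[name.lstrip("*")] = digest
    return manifest

def fetch_verified(name, mirrors, manifest):
    """Return the bytes for `name` from the first mirror whose copy matches.

    `mirrors` is a list of callables (name -> bytes) standing in for
    untrusted download sites; only `manifest` has to be trusted.
    """
    expected = manifest.get(name)
    if expected is None:
        # Fail closed: a file without a shipped hash is never accepted.
        raise IntegrityError("no trusted hash for %s" % name)
    for fetch in mirrors:
        data = fetch(name)
        actual = hashlib.sha256(data).hexdigest()
        if hmac.compare_digest(actual, expected):
            return data
    raise IntegrityError("all mirrors failed verification for %s" % name)

# Constructed sample data: a fake tarball and the manifest that would ship
# alongside the tool (hypothetical file name).
GOOD = b"constructed tarball contents"
MANIFEST = parse_manifest(
    "# shipped with the tool\n%s  foo-1.0.tar.gz\n" % hashlib.sha256(GOOD).hexdigest()
)

def tampered_mirror(name):
    return GOOD + b" plus injected bytes"

def honest_mirror(name):
    return GOOD

if __name__ == "__main__":
    data = fetch_verified("foo-1.0.tar.gz", [tampered_mirror, honest_mirror], MANIFEST)
    print("verified %d bytes" % len(data))
```

The manifest is the only input that has to arrive over a trusted channel; a mirror serving altered bytes is skipped, and a file with no shipped hash is rejected outright.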
