On 20/12/2011 10:39, Daniel Kalchev wrote: > > > On 20.12.11 11:42, Garrett Cooper wrote: >> As long as I have reliable checksums that match the what the upstream >> source says is the real thing, it doesn't practically matter where I >> get my images from. > > Relying on checksums that are published on the same web site where you > download the files from and given that most of these sites do not even > use SSL.... so much about 'security'. > This does remind me of one issue that while a little off topic for this thread.... If i wanted to get, for example the SHA265 checksums from a verified source, how would i verify this currently? There doesnt seem to be an SSL site for www.freebsd.org and its not too hard to redirect someone to a fake website. What would be a more reasonable list to request this on?
Vince > Daniel > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to > "[email protected]" _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[email protected]"
