On Tue, Dec 20, 2011 at 5:46 AM, Vincent Hoffman <vi...@unsane.co.uk> wrote: > On 20/12/2011 10:39, Daniel Kalchev wrote: >> >> >> On 20.12.11 11:42, Garrett Cooper wrote: >>> As long as I have reliable checksums that match the what the upstream >>> source says is the real thing, it doesn't practically matter where I >>> get my images from. >> >> Relying on checksums that are published on the same web site where you >> download the files from and given that most of these sites do not even >> use SSL.... so much about 'security'. >> > This does remind me of one issue that while a little off topic for this > thread.... > If i wanted to get, for example the SHA265 checksums from a verified > source, how would i verify this currently? There doesnt seem to be an > SSL site for www.freebsd.org and its not too hard to redirect someone to > a fake website. > What would be a more reasonable list to request this on?
And so the masses go off on a quest to answer how to obtain releases instead of staying focused on the original problem at hand.. -Garrett _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
