On Mon, 2017-08-28 at 12:11 -0700, Gregory Sloop wrote: > Nikos... > > Is it possible to generate checksums for the Windows binaries so we > can verify downloads have not been tampered with? > [This seems like the easiest/least-hassle option I can think of.] > SHA-256 I suppose? > I'd probably want checksums anyway - but with a non secure FTP it > worries me quite a lot more...
Hi, I'd like to stop distributing these binaries on ftp and switch to linking directly to the binaries generated during the CI run. For example: https://gitlab.com/gnutls/gnutls/builds/artifacts/gnutls_3_6_0_1/download?job=MinGW64/DLLs https://gitlab.com/gnutls/gnutls/builds/artifacts/gnutls_3_6_0_1/download?job=MinGW32/DLLs That would not address signing the binaries (couldn't really do as gitlab runners are not under our full control), but would provide the binaries over https, and would automate the process allowing to access the binaries of a release without delay, and without requiring manual generation. regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
