Natanael: > It would probably be as easy as using SSL with a "null cipher" with > authentication like poly1305.
I preferred to sign the source files on my local hdd using a tool that internally uses gpg. That way the SSL CA's wouldn't have any power over it, neither the web server. If we were to rely on web servers / SSL CA's for this, I wouldn’t see the benefit in signing http. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
