On Thu, Apr 13, 2017 at 5:00 PM, William Roberts <[email protected]> wrote: > Isn't the hash on the https people's page? Which last time I looked wasnt > throwing cert errors in chrome.
Unless Steve has exclusive administrative access to people.redhat.com (I think it is safe to say he does not, but correct me if I'm wrong Steve <b>) you can't trust an unsigned checksum regardless of how strong the https cert/crypto as the web admin could still tamper with the data. -- paul moore www.paul-moore.com -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
