On Apr 13, 2017 14:05, "Paul Moore" <[email protected]> wrote:
On Thu, Apr 13, 2017 at 5:00 PM, William Roberts <[email protected]> wrote: > Isn't the hash on the https people's page? Which last time I looked wasnt > throwing cert errors in chrome. Unless Steve has exclusive administrative access to people.redhat.com (I think it is safe to say he does not, but correct me if I'm wrong Steve <b>) you can't trust an unsigned checksum regardless of how strong the https cert/crypto as the web admin could still tamper with the data. Sure possible, but not super plausible. You're putting some trust in the administration of that website to begin with. -- paul moore www.paul-moore.com
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
