Quoting r. Roland Dreier <[EMAIL PROTECTED]>: > Subject: Re: creating releases for the libraries you own > > > > > Well, with ~user/html I can easily cook up a perl script to generate > a MD5 > > > > checksums or sign stuff and just stick them in the same directory as > original files. > > > > > > But you can do that with any old hosting, can't you? Or am I missing > > > something? > > > > This depends on the level of paranoia :) If all files are on the same > > server, I only have to trust that server's integrity. > > But we're talking about signed releases, right? Surely you're not > going to put your private key on some web server -- you're going to > sign the packages before you upload them anyway. So I still don't see > why I care about web hosting, given how many other places already give > it to me.
Not me as a developer - me as a user :). The user already has to trust openfabrics server's integrity since that's where he got the download link from. So at least the signatures should be on the openfabrics server too - otherwise its an extra server to trust, for the user. And since this means we need web hosting on openfabrics server already, let's put the packages themselves there, too. -- MST _______________________________________________ openib-general mailing list [email protected] http://openib.org/mailman/listinfo/openib-general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
