[EMAIL PROTECTED] writes: >On Aug 4, 2008, at 2:06 PM, [EMAIL PROTECTED] wrote: >> [EMAIL PROTECTED] writes: >>> I note as well that properly deploying release signing requires >>> more than script modification. For instance, one does need to >>> consider that the host to sign the releases might itself been >>> taken over and the implications of such a takeover. >> >> For that part, signatures in the 'https:' site would help. > > I think you need to re-think that assertion.
Er, yes, I was thinking of the "outside" equivalent, hacking DNS and "taking over" that way. I have the impression that's the most common way to "take over" a site, but I may be wrong. -- Hallvard
