-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/04/14 13:06, Joe Patterson wrote: > Not so much a "confidentiality" benefit as an "integrity" benefit, > to make sure you really are getting your software from who you > think you're getting it from.
The only way to truly get that confirmation is by using the signature files, or other signature mechanism (preferably via another channel) Samuli: Maybe our release announcements should be PGP signed, with sha256sums of the files we're releasing? And maybe we should consider a possibility to host at least a copy of the PGP signatures of our files on an external server too? (That should *not* be a mirrored setup, but somehow distributed outside of a public HTTP{,S}) <paranoid mode="off"/> - -- kind regards, David Sommerseth > On Thu, Apr 10, 2014 at 6:36 AM, David Sommerseth > <openvpn.l...@topphemmelig.net > <mailto:openvpn.l...@topphemmelig.net>> wrote: > > On 10/04/14 11:13, Robo Burned wrote: >> //Paranoid mode > >> Please ensure you are connecting to valid server. DNS >> substitution, MITM > >> Name: swupdate.openvpn.org <http://swupdate.openvpn.org> > Addresses: 108.162.198.149 >> 108.162.199.149 > >> To community: > >> Is there any reason why the sources are not protected by HTTPS? > > Because it's open source and not much to really "hide"? What would > be the real benefit? > > > -- kind regards, > > David Sommerseth -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEUEARECAAYFAlNGhYMACgkQDC186MBRfroCcQCYg771JE+mwNvBzPJIEPBs0D+x cgCgiQgNwRjZyGvvR9mKZGVanYgRCo0= =hlnp -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users