Re: [Openvpn-users] Where are the 2.3.3 sources?

David Sommerseth Thu, 10 Apr 2014 04:53:10 -0700

The only way to truly get that confirmation is by using the signature
files, or other signature mechanism (preferably via another channel)

Samuli: Maybe our release announcements should be PGP signed, with
sha256sums of the files we're releasing?  And maybe we should consider
a possibility to host at least a copy of the PGP signatures of our
files on an external server too?  (That should *not* be a mirrored
setup, but somehow distributed outside of a public HTTP{,S})

<paranoid mode="off"/>

- -- 
kind regards,

David Sommerseth



> On Thu, Apr 10, 2014 at 6:36 AM, David Sommerseth 
> <openvpn.l...@topphemmelig.net
> <mailto:openvpn.l...@topphemmelig.net>> wrote:
> 
> On 10/04/14 11:13, Robo Burned wrote:
>> //Paranoid mode
> 
>> Please ensure you are connecting to valid server. DNS
>> substitution, MITM
> 
>> Name: swupdate.openvpn.org <http://swupdate.openvpn.org>
> Addresses: 108.162.198.149
>> 108.162.199.149
> 
>> To community:
> 
>> Is there any reason why the sources are not protected by  HTTPS?
> 
> Because it's open source and not much to really "hide"?  What would
> be the real benefit?
> 
> 
> -- kind regards,
> 
> David Sommerseth
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEUEARECAAYFAlNGhYMACgkQDC186MBRfroCcQCYg771JE+mwNvBzPJIEPBs0D+x
cgCgiQgNwRjZyGvvR9mKZGVanYgRCo0=
=hlnp
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Where are the 2.3.3 sources?

Reply via email to
