On 10-Apr-14 07:54, openvpn-users-requ...@lists.sourceforge.net wrote:
Many projects use PGP to sign the release files with a release key, which is well-known and published in multiple places. Once you have the key, it is usable for many releases/patches/emails (typically a year or two).Date: Thu, 10 Apr 2014 13:50:27 +0200 From: David Sommerseth<openvpn.l...@topphemmelig.net>Samuli: Maybe our release announcements should be PGP signed, with sha256sums of the files we're releasing? And maybe we should consider a possibility to host at least a copy of the PGP signatures of our files on an external server too? (That should*not* be a mirrored setup, but somehow distributed outside of a public HTTP{,S}) <paranoid mode="off"/>
One visible example is ISC, which does this with bind, dhcp, etc. see www.isc.org/downloads/
S/MIME signed email (such as this one) should be easy for an X.509-based product :-).
Henry Kissinger: "Yes, I may sound paranoid -- but even paranoids have enemies."
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
