On 30/11/2017 16:44, Fabian Grünbichler wrote: >> Francesco Ongaro <[email protected]> hat am 30. November 2017 um >> 16:34 geschrieben: >> You are right until you install something manually using dpkg. >> >> Example: >> >> http://download.proxmox.com/temp/pve-kernel-4.13.4-1-pve_4.13.4-26~vmxtest1_amd64.deb > > for which I posted the hash sums on the channel where it was linked (the > forum[1]), which is - surprise - only available over TLS ;) this thread is > starting to get ridiculous.. > > 1: > https://forum.proxmox.com/threads/pve-5-1-kvm-broken-on-old-cpus.37666/#post-185463
Hi Fabian, I think that good security is implemented by overlapping multiple controls while keeping the workflow simple and convenient for end users. When the cost is low it's often a no-brainer to implement a security control. Checking hashes manually is certainly doable, maybe not that convenient. Sorry to sound ridiculous to you[1], my opinion is that being able to communicate in a professional way is a nice skill to cultivate. Best regards, Francesco [1] https://wiki.debian.org/SummerOfCode2013/StudentApplications/FabianG "I am an advocat of free and open source software as well as meaningful security solutions for everyone (such as accessable encrypted communication methods and secure information storage)." -- Francesco Ongaro, Senior Security Researcher ISGroup: Information Security Group (www.isgroup.it) Tel (+39) 045 4853232 Fax (+39) 045 5111719 Voicemail (+39) 02 320624653 AVVISO PRIVACY Il contenuto della presente e-mail ed i suoi allegati, sono diretti esclusivamente al destinatario e devono ritenersi riservati, con divieto di diffusione o di uso non conforme alle finalità per le quali la presente e-mail è stata inviata. Pertanto, ne è vietata la diffusione e la comunicazione da parte di soggetti diversi dal destinatario, ai sensi degli artt. 616 e ss. c.p. e D.lgs n. 196/03 Codice Privacy. Se la presente e-mail ed i suoi allegati sono stati ricevuti per errore, siete pregati di distruggere quanto ricevuto e di informare il mittente al seguente recapito: [email protected] _______________________________________________ pve-user mailing list [email protected] https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
