Follow-up Comment #4, sr #109567 (project administration):
> the users should make sure that they use the right public keys; but there is
no other real way to protect from MITM.
I disagree. Checking the keys is *one way* to protect from MITM.
The other way is to download the .sig file from a trusted place (the master
server, not a mirror) through https, then check whether this signature matches
the downloaded binary from the untrusted mirror.
The load of downloading the signatures should be bearable for the master
server, since they are not large.
The second way to protect from MITM is easier to implement than the first way.
In particular, it has been suggested that the 'wget' program, through an
option, could be directed to do the verification. It would be much easier to
implement the second way in wget, than the first way.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/support/?109567>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
