[neon] [Bug 364594] Use https on downloads links

2016-06-22 Thread Pascal d'Hermilly via KDE Bugzilla
https://bugs.kde.org/show_bug.cgi?id=364594 --- Comment #6 from Pascal d'Hermilly --- thanks harald -- You are receiving this mail because: You are watching all bug changes.

[neon] [Bug 364594] Use https on downloads links

2016-06-22 Thread Harald Sitter via KDE Bugzilla
https://bugs.kde.org/show_bug.cgi?id=364594 --- Comment #5 from Harald Sitter --- > In the end, the authoritativeness of the torrent file is just as good because > it really depends on what neon.kde.org tells the visitor. Clearly you need to read up more on how gpg verification

[neon] [Bug 364594] Use https on downloads links

2016-06-22 Thread Pascal d'Hermilly via KDE Bugzilla
https://bugs.kde.org/show_bug.cgi?id=364594 --- Comment #4 from Pascal d'Hermilly --- GPG is great, but it's not a replacement for https. if neon.kde.org got hacked then one would change both the link to the iso and the signing key (which the 1% use). Possibly you would only

[neon] [Bug 364594] Use https on downloads links

2016-06-21 Thread Harald Sitter via KDE Bugzilla
https://bugs.kde.org/show_bug.cgi?id=364594 Harald Sitter changed: What|Removed |Added CC||valorie.zimmer...@gmail.com

[neon] [Bug 364594] Use https on downloads links

2016-06-21 Thread Pascal d'Hermilly via KDE Bugzilla
https://bugs.kde.org/show_bug.cgi?id=364594 --- Comment #2 from Pascal d'Hermilly --- I have a CS degree, has used Kubuntu since 6.06 and I don't know how to verify it. Likely 99% of the downloads will not be verified with this approach. At least you need to write how to

[neon] [Bug 364594] Use https on downloads links

2016-06-21 Thread Harald Sitter via KDE Bugzilla
https://bugs.kde.org/show_bug.cgi?id=364594 Harald Sitter changed: What|Removed |Added Resolution|--- |WONTFIX