On 2017-12-10 21:57:06 (+0100), Ralf Mardorf wrote:
> But please, developers consider to sign your tarballs.
+1
--
https://sleepmap.de
signature.asc
Description: PGP signature
___
Linux-audio-dev mailing list
Linux-audio-dev@lists.linuxaudio.org
https
On Sun, 10 Dec 2017 21:52:30 +0100, David Runge wrote:
>You rule!
>Thanks
+1
But please, developers consider to sign your tarballs.
___
Linux-audio-dev mailing list
Linux-audio-dev@lists.linuxaudio.org
https://lists.linuxaudio.org/listinfo/linux-audio-d
You rule!
Thanks
--
https://sleepmap.de
___
Linux-audio-dev mailing list
Linux-audio-dev@lists.linuxaudio.org
https://lists.linuxaudio.org/listinfo/linux-audio-dev
On 11/26/2017 04:10 PM, David Runge wrote:
> That is good news and I'm looking forward to it!
>
> Note, that letsencrypt certificates can easily be setup using SAN
> (Subject Alternative Name), which gets around the need for a wildcard
> certificate (unless you literally have hundreds of subdomain
On Sun, 26 Nov 2017 18:10:15 +0100, Ralf Mardorf wrote:
>[rocketmouse@archlinux ~]$ grep hkp luamd64_1610.sh
>key gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys FBB75451
>EFE21092
I win praise for a script that downloads Ubuntu desktop flavours and
does all the signed key procedure, but i
On Sun, 26 Nov 2017 16:57:12 +, Fons Adriaensen wrote:
>- which keyserver to use ?
In cases of doubt simply use keys.gnupg.net ;).
To get a key by alias or by scripts I'm using different key servers e.g. [1].
Aren't the servers synced? I guess it's just useful that "Some famous LAD
members si
On Sun, Nov 26, 2017 at 04:51:53PM +0100, David Runge wrote:
> That is right. I am not sure, how many can be convinced in the near
> future. Asking is cheap, though, so would that work for you Fons? :)
So that would mean:
- I create a GPG key for signing zita-packages, and make it
available on
On Sun, 26 Nov 2017 16:51:53 +0100, David Runge wrote:
>> Not that much, since even when additionally using TOR, privacy isn't
>> ensured without exceptions,
>> https://www.torproject.org/docs/faq.html.en#AttacksOnOnionRouting .
>That of course is also true and thanks for pointing it out.
>When w
Hey Ralf,
On 2017-11-21 06:44:27 (+0100), Ralf Mardorf wrote:
> for security reasons developers should consider to provide signed
> checksums, as fortunately e.g.
> https://www.kernel.org/category/signatures.html does. This was
> discussed at e.g. Arch general.
That is right. I am not sure, how ma
Hey Jeremy,
thanks for getting back!
On 2017-11-21 12:44:41 (+0100), Jeremy Jongepier wrote:
> CPU is not a problem. Unless anybody has any objections I'll enable SSL
> for linuxaudio.org subdomains as soon as Let's Encrypt starts offering
> wildcard certificates, that way we can secure more serv
I will joke carelessly about security all I want, sir. Why? Because jokes
are fun.
Having said that, I can vouch for the let's encrypt tool. Used it myself,
very easy to set up.
On Nov 22, 2017 10:23, "Gordonjcp" wrote:
> On Tue, Nov 21, 2017 at 11:01:07AM -0500, Janina Sajka wrote:
> > As a us
On Tue, Nov 21, 2017 at 11:01:07AM -0500, Janina Sajka wrote:
> As a user of Arch and various music related apps, please, please,
> please!
>
> I can report that Let's Encrypt is very easy to use. The cli tool
> certbot handles things very nicely, and the docs are easy to follow.
> This should not
On Tue, 21 Nov 2017, 18:19 Ralf Mardorf, wrote:
> It quasi became a standard, most websites I visit are https nowadays.
> We shouldn't overvalue https.
>
One reason is also that it's a de facto part of supporting HTTP/2, so these
days if you want a better performing site you also need https.
I
On Tue, Nov 21, 2017 at 10:49:22AM +0100, Jeremy Jongepier wrote:
> > An example are all sources hosted here (all of which are packages in
> > Arch's main repos):
> > http://kokkinizita.linuxaudio.org/linuxaudio/downloads/index.htm
>
> That happens to be a subdomain r...@linuxaudio.org does not ma
On Tue, 21 Nov 2017 10:27:26 +0100, Louigi Verona wrote:
>Yeah, more security and privacy, because Linux Audio packages are
>constantly attacked by enemies :D
Btw. packages of major distros are signed. It would make much more
sense, if upstream already would sign the tarballs providing the source
On Tue, 21 Nov 2017 11:39:49 +0100, IOhannes m zmoelnig wrote:
>there is practically no reason to *not* use https:// everywhere
It quasi became a standard, most websites I visit are https nowadays.
We shouldn't overvalue https. I agree that it should be used, if it
shouldn't be too much effort to
Jeremy Jongepier writes:
> Hello David,
>
> > I'm currently taking over a bunch of packages for Arch Linux (mainly
> > pro-audio stuff).
> > Would it be possible to implement letsencrypt for linuxaudio.org and all
> > of its subdomains?
>
> It's possible for linuxaudio.org but not for all the sub
As a user of Arch and various music related apps, please, please,
please!
I can report that Let's Encrypt is very easy to use. The cli tool
certbot handles things very nicely, and the docs are easy to follow.
This should not be hard to implement.
Janina
David Runge writes:
> Hey all,
>
> I'm cu
Hello IOhannes,
On 11/21/2017 11:39 AM, IOhannes m zmoelnig wrote:
> On 2017-11-21 10:49, Jeremy Jongepier wrote:
>> Hello David,
>>
>>> I'm currently taking over a bunch of packages for Arch Linux (mainly
>>> pro-audio stuff).
>>> Would it be possible to implement letsencrypt for linuxaudio.org a
On 2017-11-21 10:49, Jeremy Jongepier wrote:
> Hello David,
>
>> I'm currently taking over a bunch of packages for Arch Linux (mainly
>> pro-audio stuff).
>> Would it be possible to implement letsencrypt for linuxaudio.org and all
>> of its subdomains?
> It's possible for linuxaudio.org but not fo
Hello David,
> I'm currently taking over a bunch of packages for Arch Linux (mainly
> pro-audio stuff).
> Would it be possible to implement letsencrypt for linuxaudio.org and all
> of its subdomains?
It's possible for linuxaudio.org but not for all the subdomains. the
linuxaudio.org server is a s
Yeah, more security and privacy, because Linux Audio packages are
constantly attacked by enemies :D
On Nov 21, 2017 06:44, "Ralf Mardorf" wrote:
> On Tue, 21 Nov 2017 02:54:14 +0100, David Runge wrote:
> >Would it be possible to implement letsencrypt for linuxaudio.org and
> >all of its subdomai
On Tue, 21 Nov 2017 02:54:14 +0100, David Runge wrote:
>Would it be possible to implement letsencrypt for linuxaudio.org and
>all of its subdomains?
>This would greatly improve the security of the packages hosted there
>(or rather their transfer from the server to the build machine) and
>help for s
23 matches
Mail list logo
