On Thursday 30 December 2010 23:46:48 Fabio Spelta wrote: > Hello all. > > I tried to install Freenet running the Java WebStart tool. It asked me if I > wanted to continue with the installation after presenting me the X.509 > certificate of Matthew Toseland whose fingerprint > is 85:D7:BE:A3:A7:78:62:D2:0C:48:DF:5A:07:94:8E:72 > > I couldn't find any reference to that fingerprint on the web. > > Then I tried the offline install as suggested as the second option, > downloading this file > http://freenet.googlecode.com/files/new_installer_offline_1314.jar > > Still: I couldn't find on the web it's hashes, neither the md5 nor the sha1 > one. > > How can I trust the Freenet file I am bout to install then? How can I know > that nobody hijacked my connection passing me a wrong file?
You don't. Trust requires money (to buy a cert). Only rich people have money. Rich people can't be trusted. Therefore nobody can be trusted. ;) Seriously, you can, and should, check the GPG signature. > > That's a paranoid behavior, maybe, but what's Freenet about after all? If I > don't trust the web, then I just... don't. > > Thanks for any answer and thank you so much for your work!
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
