Hello, I'm looking for a secure way to download the Valgrind source tarballs, or to verify their hashes. Right now it looks like the whole Valgrind web site, including the official downloads, is only available over HTTP (yet is also available over IPv6). So downloads could be tampered with in transit, and probably shouldn't be installed on any systems that need to be secure. (In my case, I'm trying to profile programs on a system that has access to controlled-access genomics data, which needs to be protected.)
I've found that I can clone https://sourceware.org/git/valgrind.git over a secure connection, but I got that URL from the insecure page, so I'm relying on Sourceware's reputation as a place where malicious software is not hosted. And I'm not following any of the recommended install instructions; I had to manually add in the "s" there. *And* I have to clone the whole git repo when really I just want to install the current release of the program. Can the Valgrind website, or at least the tarball downloads, please be given HTTPS support? Or GPG-signed by someone reputable? Thanks, -Adam _______________________________________________ Valgrind-users mailing list Valgrind-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/valgrind-users
