Fedora 8 torrents aren't signed!?
Björn Persson
listor3.rombobeorn at tdcpost.se
Mon Nov 12 02:14:32 UTC 2007
söndagen den 11 november 2007 skrev Rahul Sundaram:
> http://fedoraproject.org/verify is up. Would be added to the download
> page soon.
That page says, quite correctly, that the downloaded file should be verified
for security and integrity. Then it says that if the file was downloaded via
Bitorrent it has already been verified. Is that really so? As far as I know
Bittorrent verifies for integrity but not for security – that is, it guards
against errors in the download process but not against a maliciously modified
torrent. Does Bittorrent verify some cryptographic signature that I don't
know about?
Björn Persson
More information about the fedora-list
mailing list