signed tarballs
William Roberts
bill.c.roberts at gmail.com
Thu Apr 13 20:30:57 UTC 2017
On Apr 13, 2017 13:28, "Christian Rebischke" <Chris.Rebischke at archlinux.org>
wrote:
On Tue, Apr 11, 2017 at 10:03:54AM -0400, Steve Grubb wrote:
> I added a sha256sum to the release announcement yesterday. You can also
access
> the people page via https.
>
Thanks, but as I stated before. SHA256 and https doesn't ensure a
non-malicious tarball. Only a signed tarball can achieve this.
That's not true, he's providing you a detached signature via this
mechanism. You just need to check the sha256sum before extraction.
--
Linux-audit mailing list
Linux-audit at redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20170413/34e95707/attachment.htm>
More information about the Linux-audit
mailing list