signed tarballs
William Roberts
bill.c.roberts at gmail.com
Thu Apr 13 21:08:51 UTC 2017
On Apr 13, 2017 14:05, "Paul Moore" <paul at paul-moore.com> wrote:
On Thu, Apr 13, 2017 at 5:00 PM, William Roberts
<bill.c.roberts at gmail.com> wrote:
> Isn't the hash on the https people's page? Which last time I looked wasnt
> throwing cert errors in chrome.
Unless Steve has exclusive administrative access to people.redhat.com
(I think it is safe to say he does not, but correct me if I'm wrong
Steve <b>) you can't trust an unsigned checksum regardless of how
strong the https cert/crypto as the web admin could still tamper with
the data.
Sure possible, but not super plausible. You're putting some trust in the
administration of that website to begin with.
--
paul moore
www.paul-moore.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20170413/084700ca/attachment.htm>
More information about the Linux-audit
mailing list