[LAD] https for linuxaudio.org

Ralf Mardorf ralf.mardorf at alice-dsl.net
Tue Nov 21 05:44:27 UTC 2017


On Tue, 21 Nov 2017 02:54:14 +0100, David Runge wrote:
>Would it be possible to implement letsencrypt for linuxaudio.org and
>all of its subdomains?
>This would greatly improve the security of the packages hosted there
>(or rather their transfer from the server to the build machine) and
>help for said packages not to be dropped, as more and more distros try
>to switch to more reliable and authenticatable (is that a word?)
>upstreams.

Hi,

for security reasons developers should consider to provide signed
checksums, as fortunately e.g.
https://www.kernel.org/category/signatures.html does. This was
discussed at e.g. Arch general.

>Additionally, there is the benefit of raising privacy for users of all
>things hosted on linuxaudio.org.

Not that much, since even when additionally using TOR, privacy isn't
ensured without exceptions,
https://www.torproject.org/docs/faq.html.en#AttacksOnOnionRouting .

Regards,
Ralf

-- 
$ pacman -Q linux{,-rt{,-cornflower,-pussytoes}}|awk '{print $2}'
4.14-2
4.13.13_rt5-1
4.11.12_rt16-1
4.14_rt1-1


More information about the Linux-audio-dev mailing list