On Tue, 21 Nov 2017 02:54:14 +0100, David Runge wrote:
>Would it be possible to implement letsencrypt for linuxaudio.org and
>all of its subdomains?
>This would greatly improve the security of the packages hosted there
>(or rather their transfer from the server to the build machine) and
>help for said packages not to be dropped, as more and more distros try
>to switch to more reliable and authenticatable (is that a word?)
>upstreams.
Hi,
for security reasons developers should consider to provide signed
checksums, as fortunately e.g.
https://www.kernel.org/category/signatures.html does. This was
discussed at e.g. Arch general.
>Additionally, there is the benefit of raising privacy for users of all
>things hosted on linuxaudio.org.
Not that much, since even when additionally using TOR, privacy isn't
ensured without exceptions,
https://www.torproject.org/docs/faq.html.en# .AttacksOnOnionRouting
Regards,
Ralf
--
$ pacman -Q linux{,-rt{,-cornflower,-pussytoes}}|awk '{print $2}'
4.14-2
4.13.13_rt5-1
4.11.12_rt16-1
4.14_rt1-1
_______________________________________________
Linux-audio-dev mailing list
Linux-audio-dev@lists.linuxaudio.org
https://lists.linuxaudio.org/listinfo/linux-audio-dev