21 Nov
2017
21 Nov
'17
6:44 a.m.
On Tue, 21 Nov 2017 02:54:14 +0100, David Runge wrote:
Would it be possible to implement letsencrypt for
linuxaudio.org and
all of its subdomains?
This would greatly improve the security of the packages hosted there
(or rather their transfer from the server to the build machine) and
help for said packages not to be dropped, as more and more distros try
to switch to more reliable and authenticatable (is that a word?)
upstreams.
Hi,
for security reasons developers should consider to provide signed
checksums, as fortunately e.g.
https://www.kernel.org/category/signatures.html does. This was
discussed at e.g. Arch general.
Additionally, there is the benefit of raising privacy
for users of all
things hosted on linuxaudio.org.
Not that much, since even when additionally using TOR, privacy isn't
ensured without exceptions,
https://www.torproject.org/docs/faq.html.en#AttacksOnOnionRouting .
Regards,
Ralf
--
$ pacman -Q linux{,-rt{,-cornflower,-pussytoes}}|awk '{print $2}'
4.14-2
4.13.13_rt5-1
4.11.12_rt16-1
4.14_rt1-1