On 07/06/10 17:24, Keir Fraser wrote: > On 06/07/2010 16:23, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx> > wrote: > >>> We download tarballs from http://xenbits.xensource.com/xen-extfiles rather >>> than random 3rd party sites. And qemu from our very own git repository also >>> on xenbits. >>> >> But you use plaintext connection, which, in security, means random code. >> I think we have already went through this last time when discussing the >> signing process for Xen ;) > > Okay, then make a patch, including hashes for our current collection of > downloads. I'm not a Xen developer. I do not sign your tarballs... joanna.
Description: OpenPGP digital signature
_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel