[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] Xen signing and wget
On 06/07/2010 16:27, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx>
>>> But you use plaintext connection, which, in security, means random code.
>>> I think we have already went through this last time when discussing the
>>> signing process for Xen ;)
>> Okay, then make a patch, including hashes for our current collection of
> I'm not a Xen developer. I do not sign your tarballs...
Perhaps best then to sign the tarballs we have on xenbits, and verify the
signatures when we download tarballs. Ian Jackson might pick that up as a
Xen-devel mailing list