|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Xen signing and wget
On 06/07/2010 16:23, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx> wrote: >> We download tarballs from http://xenbits.xensource.com/xen-extfiles rather >> than random 3rd party sites. And qemu from our very own git repository also >> on xenbits. >> > But you use plaintext connection, which, in security, means random code. > I think we have already went through this last time when discussing the > signing process for Xen ;) Okay, then make a patch, including hashes for our current collection of downloads. K. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |