Re: signed tarballs
On Thu, Apr 13, 2017 at 5:00 PM, William Roberts
<bill.c.roberts(a)gmail.com> wrote:
Isn't the hash on the https people's page? Which last time I
looked wasnt
throwing cert errors in chrome.
Unless Steve has exclusive administrative access to people.redhat.com
(I think it is safe to say he does not, but correct me if I'm wrong
Steve <b>) you can't trust an unsigned checksum regardless of how
strong the https cert/crypto as the web admin could still tamper with
the data.
--
paul moore
www.paul-moore.com