Subject: Re: [boost] Providing means to verify integrity and authenticity for releases
From: Rene Rivera (grafikrobot_at_[hidden])
Date: 2016-03-14 09:21:49
On Mon, Mar 14, 2016 at 5:10 AM, Daniel Hofmann <daniel_at_[hidden]> wrote:
> Can we please change this situation?
All changes in Boost start with volunteers providing solutions.
Here are some options that come to mind ordered by amount of effort:
> - Providing checksums
Right. Although I doubt most people use checksums.
> - Educating users on the Downloads page
The only education I can think of is step by step instructions on doing
checksum verification. Is that what you mean? Can you clarify?
> - Signing releases with a trusted Release Team key
OK. Can you provide instructions on doing this securely?
- Changing the hosting platform
Do you have suggestions for providers?
-- -- Rene Rivera -- Grafik - Don't Assume Anything -- Robot Dreams - http://robot-dreams.net -- rrivera/acm.org (msn) - grafikrobot/aim,yahoo,skype,efnet,gmail
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk