On Wed, Jul 05, 2023 at 05:35:01PM +0200, Jeremie Courreges-Anglas wrote:
> On Tue, Jul 04 2023, Alexander Bluhm <alexander.bl...@gmx.net> wrote:
> > Hi,
> >
> > ok to import splicebench-1.02 ?
>
> At first I got puzzled by SUPDISTFILES but go for it if you find it useful.

If upstream provides a gpg signature, I download it and check it.
Although it is not perfect to prevent backdoors, I would feel very
bad if I would commit a tampered port that could be detected by a
signature.  Downloading the detached signature as SUPDISTFILES makes
it easy to verify manually.

Any better idea to prevent supply chain attacks?

> ok jca@

thanks

> > Comment:
> > socket splicing network benchmarking tool
> >
> > Description:
> > Splicebench implements a relay for OpenBSD socket splicing.  Goal
> > is to have a minimal setup for performance and reliability testing.
> >
> > bluhm
>
> --
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
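
As an added illustration of the manual check described in the reply (not code from the thread or from the OpenBSD ports tree): a shell helper that verifies a detached signature in a throwaway keyring and accepts it only when gpg reports VALIDSIG for a pinned fingerprint. The function names, the argument order and any fingerprint passed in are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# check_status FPR
# Reads `gpg --status-fd 1 --verify` output on stdin. Succeeds only if a
# VALIDSIG line names FPR as the signing key (field 3) or as the primary
# key (last field), and no BADSIG/ERRSIG line is present.
check_status() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$want" ] || return 1
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        # Concatenating "" forces a string comparison, never a numeric one.
        $2 == "VALIDSIG" && (($3 "") == (want "") || ($NF "") == (want "")) { ok = 1 }
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        END { exit (ok && !bad) ? 0 : 1 }
    '
}

# verify_distfile FPR KEYFILE SIGFILE DISTFILE
# Imports KEYFILE into a temporary keyring so that keys already present in
# the user's own keyring cannot satisfy the check, then verifies SIGFILE
# over DISTFILE and requires the pinned fingerprint FPR.
verify_distfile() {
    home=$(mktemp -d) || return 1
    rc=1
    if gpg --homedir "$home" --batch --quiet --import "$2" 2>/dev/null; then
        gpg --homedir "$home" --batch --status-fd 1 --verify "$3" "$4" 2>/dev/null |
            check_status "$1"
        rc=$?
    fi
    rm -rf "$home"
    return "$rc"
}

# Run the check only when called with all four arguments.
if [ "$#" -eq 4 ]; then
    verify_distfile "$@"
fi
```

A plain `gpg --verify` succeeds for a good signature from any key in the keyring, which is why the fingerprint is compared explicitly.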