-K
On 04/29/18 12:26, Bastian Blank wrote:
> Hi Konstantin
>
> Do you expect users to explicitely configure this mirror or is this just
> an internal name?
>
> Regards,
> Bastian
>
> On Wed, Apr 25, 2018 at 03:04:50PM +, Konstantin Ryabitsev wrote:
>> S
Archive-http: /debian/
Maintainer: Konstantin Ryabitsev
Country: US United States
Location: San-Jose, CA
Sponsor: packet.net https://packet.net
Trace Url: http://sjc.edge.kernel.org/debian/project/trace/
Trace Url: http://sjc.edge.kernel.org/debian/project/trace/ftp-master.debian.org
Trace Url
Archive-http: /debian/
Maintainer: Konstantin Ryabitsev
Country: NL Netherlands
Location: Amsterdam
Sponsor: packet.net https://packet.net
Trace Url: http://ams.edge.kernel.org/debian/project/trace/
Trace Url: http://ams.edge.kernel.org/debian/project/trace/ftp-master.debian.org
Trace Url: http
Archive-http: /debian/
Maintainer: Konstantin Ryabitsev
Country: US United States
Location: Parsippany, NJ
Sponsor: packet.net https://packet.net
Trace Url: http://ewr.edge.kernel.org/debian/project/trace/
Trace Url: http://ewr.edge.kernel.org/debian/project/trace/ftp-master.debian.org
Trace Url
not infrastructure."
I believe our approach has merit and results in better security
protections. To verify the validity of any release you should:
1. Download the tarball and sha256sums.asc
2. Verify the signature on sha256sums.asc using a trusted keyring
3. Verify the tarball hash in s
tar.xz "untrusted" and the less tools I
> have to make operate on it the better. This scheme allows an attacker
> that has control over a mirror to provide a .tar.xz that makes unxz do
> undesirable things, see https://en.wikipedia.org/wiki/Zip_bomb for an
> attack idea.
Which i
6 matches
Mail list logo
