I just noticed HTTPS was deployed on Aug 30, and it appears that HTTP requests
are redirected to HTTPS. Congrats! I updated the Github repository README.md[0]
reflecting the new change.
0. https://github.com/atoponce/dl.suckless.org/blob/master/README.md
I also noticed a "sha256sums.txt" file
On Fri, Aug 25, 2017 at 08:12:12AM +0200, Anselm R Garbe wrote:
> - (optional) repo owners/maintainers should sign their future git tags
> for release creation by using their own private PGP key.
Optionally, for those who don't want to use OpenPGP, the author of libsodium
created Minisign back in
On Thu, Aug 24, 2017 at 01:22:33PM +0200, Laslo Hunhold wrote:
> I won't support the PGP snake-oil movement just so you can sleep well
> at night. If you want to go with maximum trust, you can compare the
> tarball-contents with the status of the git-repo at a certain tag.
I'll continue to push ch
On Thu, Aug 24, 2017 at 12:45:15AM +0200, hiro wrote:
> Any responsible suckless person should not download Aaron's software.
> I cannot guarantee it's not ransomware!
There is no software on that github repository. It's all raw text.
--
. o . o . o . . o o . . . o .
. . o . o o o .
On Wed, Aug 23, 2017 at 08:21:45PM +0200, Hiltjo Posthuma wrote:
> Checksums are available in each project directory, yesterday I've added
> SHA256 checksums.
>
> For example:
> SHA256: http://dl.suckless.org/dwm/sha256sums.txt
> SHA1: http://dl.suckless.org/dwm/sha1sums.txt
>
I noticed most software available on http://dl.suckless.org does not provide
checksums and digital signatures for the compressed tarballs, and other files.
I sought to remedy this, by creating a Github repository of only checksums and
digital signatures. It's available at:
https://github.com/a