> Philipp Hübner <debala...@arcor.de> writes: >The newest version of truecrypt is 6.0a which uses fuse and runs >completely in userspace. > >What about this? I'd imagine that users would prefer the up2date version.
- 4.3 is stable and has no problems (5.x and 6.x there are multiple reports) - 4.3 is faster and more CPU friendly than later ones. - 4.3 has license that can be used. Later ones have completely changed the licensing. - Later version are complete rewrites - There is no upgrade path from 4.x - 5.x - 6. x - or any later version possible. I welcome someone to try to make an "installer" for later versions. Christoph Anton Mitterer <christoph.anton.mitte...@physik.uni-muenchen.de> writes: > If you download stuff from the web (e.g. the truecrypt sources) that get > somhow installed,.. you really should add some hashsums checking (SHA512) > and abort package installation (or creation) if the sums don't match with > the ones shipped with your package (and probably warn the user about a > potential security incident). I think you refer to tar.gz etc. sources that are available from Web pages. In this case the sources are fetched from Bazaar version control repository hosted by launchpad.net. The repository's integrity isn't compromized while the cloning, the download, happends. If you have more information about bzr version control repository breaches or their lack of security, please let me know. Jari -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
