On Tue, Jul 14, 2015 at 04:19:10PM +0100, Mark Richards wrote: >Hi, > >I've noticed that you host downloads over http. >This in itself isn't a problem, except I'm not in a position where I can >trust my networks not to spoof http sites. > >I'd like to verify that the download I get is correct using a secure source. >I believe the simplest way is https. > >Do you have an https hosted link to gpg keys or sha2/3 sums that can be used >to verify the download?
As mentioned on #debian-boot just now: https://www.debian.org/CD/verify -- Steve McIntyre, Cambridge, UK. [email protected] "Because heaters aren't purple!" -- Catherine Pitt -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
