On 20 July 2011 11:32, ilf <i...@zeromail.org> wrote: > Also I fail to see where "package meintainers" are involved.
Lets pretend I'm the package maintainer for Debian and I need to ensure that the dmenu I download indeed came from suckless and was not tampered with. >> So would you be happy just with HTTPS and not checksums I wonder? > No :) Awww! I was next going to suggest an etag or something, but that doesn't work. hendry@x201 ~$ curl -I http://dl.suckless.org/tools/dmenu-4.4.tar.gz HTTP/1.1 200 OK Content-Type: application/octet-stream Accept-Ranges: bytes Content-Length: 9308 Date: Wed, 20 Jul 2011 11:00:04 GMT Server: lighttpd/1.4.19 Surprised we're running lighttpd tbh. I thought garbeam liked nginx. Regards,