On 2017-08-23 7:04 pm, Aaron Toponce wrote:
I noticed most software available on http://dl.suckless.org does not
provide
checksums and digital signatures for the compressed tarballs, and other
files.
I sought to remedy this, by creating a Github repository of only
checksums and
digital signatures. It's available at:
https://github.com/atoponce/dl.suckless.org
Ultimately, it would be best if these were hosted on dl.suckless.org
directly,
but I figured I could help by hosting them here until they can get
deployed.
This is to help ensure that you have downloaded all the correct bits
for both
the software and the checksum.
Hopefully, this is of some value to the community and suckless users,
such as
myself.
I couldn't decide what subthread to add it to, so I'll put it on the
root.
As a side note, has anyone seen what OpenBSD did to handle and secure
their project?
I'll leave it here: https://www.openbsd.org/papers/bsdcan-signify.html
--
- fao_
PGP fingerprint: 739B 6C5C 3DE1 33FA
"Too enough is always not much!"
