On 11 December 2015 at 12:28, Stefan Sperling <s...@stsp.name> wrote:
> I would consider signify keys printed on CDs and copied across several > web sites safer than trusting the hundreds of CA certs shipped with a > standard web browser. On 11 December 2015 at 12:35, Tati Chevron <chev...@swabsit.com> wrote: > The official CD set contains the signify keys for that release and the > next one. Once you have a known good copy of one set, you can always > obtain > future ones securely. Both of you are missing my point, but it's entirely possible I didn't articulate it properly. I know I can trust the CD's; it's one of the main reasons I buy them with every release. I'm saying I shouldn't *have* to rely on snail-mailed physical media. We, as a species, have thought of a solution to this problem long ago. Sure that solution isn't perfect, but if I can guess at the list's attitude, I'd say it's this: > "If we can't make it impossible to intercept traffic, we shouldn't bother with making it merely fiendishly difficult." which I think is unnecessarily fatalistic. In either case, I'd be willing to put my money where my mouth is. Whom do I contact about running a site mirror? -Thijs
