Jacob Yocom-Piatt <j...@fixedpointgroup.com> wrote: > the next best option i can think of is to have the hashes (sha256 and/or > others) fetched via ssh from a trusted site, e.g. your nearest anoncvs > server. it avoids the gnupg requirement but is still susceptible to mitm > on key fingerprints, etc. if you can't trust your local anoncvs server, > you've got a problem that may be too big to fix anyhow.
AnonCVS servers are not any more trustworthy than FTP mirrors. -- Christian "naddy" Weisgerber na...@mips.inka.de
