Follow-up Comment #3, task #13862 (project administration):
The usual way that verification works is to verify the downloaded files
against their gpg signature. By verifying the gpg signature you can be
assured of the validity of the files.
Unfortunately there is a long chain of dependencies that need to occur before
the software on Savannah can be upgraded to support https transport.
For the case of vcs.savannah.gnu.org and its aliases the ssh key fingerprint
is:
80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/task/?13862>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
