bug#47634: Accompany .asc and .DIGESTS keys for the ISO

2021-04-18 Thread Ludovic Courtès
Hi all,

Carlo Zancanaro wrote:

> I'm not convinced there's much value to add anything beyond the signatures, and I think there is some cost. Having multiple verification options makes the download page more confusing (by providing more choices to do the same thing), and may make it less

bug#47634: Accompany .asc and .DIGESTS keys for the ISO

2021-04-10 Thread bo0od
> In this instance, the hash provides no significant additional value over the signature.

What you said is true. Only thing I would see it useful when there is an attack on PGP but not necessary can be produced as well on the same time on SHA512 like collision attack or so (nothing at the mom

bug#47634: Accompany .asc and .DIGESTS keys for the ISO

2021-04-09 Thread bo0od
> Which implies that the signatures are sufficient, right?

Well this is simple question but the answer is sorta deeper, so I will answer with yes and no: yes signatures are sufficient but signatures with PGP have problems. In the suggestion above I didn't suggest to diversify the signing methods

bug#47634: Accompany .asc and .DIGESTS keys for the ISO

2021-04-08 Thread Carlo Zancanaro
On 9 April 2021 3:34:20 am AEST, bo0od wrote:

> This is nicely written by Qubes documentation:
>
> https://www.qubes-os.org/security/verifying-signatures/

From that page:

> If you’ve already verified the signatures on the ISO directly, then verifying digests is not necessary.

Which implies

bug#47634: Accompany .asc and .DIGESTS keys for the ISO

2021-04-08 Thread bo0od
This is nicely written by Qubes documentation: https://www.qubes-os.org/security/verifying-signatures/

Leo Famulari:

On Wed, Apr 07, 2021 at 05:42:40AM +, bo0od wrote:

Hi There, I see there is only .sig provided: https://guix.gnu.org/en/download/ It's better to provide more than one way

bug#47634: Accompany .asc and .DIGESTS keys for the ISO

2021-04-08 Thread Leo Famulari
On Wed, Apr 07, 2021 at 05:42:40AM +, bo0od wrote:

> Hi There,
>
> I see there is only .sig provided:
>
> https://guix.gnu.org/en/download/
>
> It's better to provide more than one way of verification e.g:

Why?

bug#47634: Accompany .asc and .DIGESTS keys for the ISO

2021-04-07 Thread bo0od
Hi There,

I see there is only .sig provided: https://guix.gnu.org/en/download/

It's better to provide more than one way of verification e.g:

Qubes: https://www.qubes-os.org/downloads/
Whonix: https://www.whonix.org/wiki/VirtualBox/XFCE
...etc

ThX!