I noticed most software available on http://dl.suckless.org does not provide
checksums and digital signatures for the compressed tarballs, and other files.
I sought to remedy this, by creating a Github repository of only checksums and
digital signatures. It's available at:
https://github.com/a
On Wed, Aug 23, 2017 at 08:21:45PM +0200, Hiltjo Posthuma wrote:
> Checksums are available in each project directory, yesterday I've added
> SHA256 checksums.
>
> For example:
> SHA256: http://dl.suckless.org/dwm/sha256sums.txt
> SHA1: http://dl.suckless.org/dwm/sha1sums.txt
>
On Thu, Aug 24, 2017 at 12:45:15AM +0200, hiro wrote:
> Any responsible suckless person should not download Aaron's software.
> I cannot guarantee it's not ransomware!
There is no software on that github repository. It's all raw text.
--
. o . o . o . . o o . . . o .
. . o . o o o .
On Thu, Aug 24, 2017 at 01:22:33PM +0200, Laslo Hunhold wrote:
> I won't support the PGP snake-oil movement just so you can sleep well
> at night. If you want to go with maximum trust, you can compare the
> tarball-contents with the status of the git-repo at a certain tag.
I'll continue to push ch
On Fri, Aug 25, 2017 at 08:12:12AM +0200, Anselm R Garbe wrote:
> - (optional) repo owners/maintainers should sign their future git tags
> for release creation by using their own private PGP key.
Optionally, for those who don't want to use OpenPGP, the author of libsodium
created Minisign back in
I just noticed HTTPS was deployed on Aug 30, and it appears that HTTP requests
are redirected to HTTPS. Congrats! I updated the Github repository README.md[0]
reflecting the new change.
0. https://github.com/atoponce/dl.suckless.org/blob/master/README.md
I also noticed a "sha256sums.txt" file
