/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Download of signature is not secure via sf.net #907

Closed
marmarek opened this Issue Mar 8, 2015 · 1 comment

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
No milestone
1 participant
@marmarek
@marmarek
Member

marmarek commented Mar 8, 2015

Reported by anonymous on 18 Oct 2014 08:16 UTC
Hi,

since you distribute the iso signatures via sourceforge, they're not fetched using https.
So while the cubes website is in nice and shiny https-green, it's not possible to see if i fetched a valid iso.

Are you doing regular checks on the checksum files?
And even then. Please publish them on the site and via https.

Migrated-From: https://wiki.qubes-os.org/ticket/907

@marmarek marmarek added bug C: other P: major labels Mar 8, 2015

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Mar 8, 2015

Member

Comment by Nukama on 18 Oct 2014 10:28 UTC
Thoroughly study [[VerifyingSignatures]] and understand the issues with chains of trust. See discussion in #203.
Member

marmarek commented Mar 8, 2015

Comment by Nukama on 18 Oct 2014 10:28 UTC
Thoroughly study [[VerifyingSignatures]] and understand the issues with chains of trust. See discussion in #203.

@marmarek marmarek added the notanissue label Mar 8, 2015

@marmarek marmarek closed this Mar 8, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment