-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-05-29 13:38, dieter wrote:
On Tue, 29 May 2012 13:25:31 +0200 "Carlos E. R." <> wrote:
IMO, that is a security concern.
I *hope* the security never depends on the server but on cryptographically signing the files - and verifying the validity of the signature before using them.
Verifying the signatures is not possible, they are not listed on a secure server. Even the DVD could be rewritten by a rogue mirror with false signatures. A lot of work, but doable. - -- Cheers / Saludos, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/EycAACgkQIvFNjefEBxrcLQCgpRfknM1X9fxtXaiPVd3MO3/G tfgAoJCtlS/nM/j00HliyNOIPtjm8LHo =LcM8 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org