1 Apr
2016
1 Apr
'16
11:21 p.m.
* Thomas Penteker (tek@serverop.de) wrote:
Hello, (...)
I forgot to add, that we can make core/ports download the keys on each build to make sure that they are current (vs. distributing them via the ports tree). This assumes that they are sent via a host with a valid certificate. We could also add multiple sources and compare multiple versions but paranoia can get really messy really soon (what about modified cat/sha*/md5sum binaries during comparison etc.). regards, Thomas