repos providing only md5 sums
tek at serverop.de
Fri Apr 1 23:21:44 UTC 2016
* Thomas Penteker (tek at serverop.de) wrote:
I forgot to add that we can make core/ports download the keys on each build
to make sure that they are current (vs. distributing them via the ports tree).
This assumes that they are sent via a host with a valid certificate.
We could also add multiple sources and compare multiple versions but paranoia
can get really messy really soon (what about modified cat/sha*/md5sum binaries
during comparison etc.).
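
The download-and-compare idea from the message above, sketched as an added example; it is not part of the original post and is not CRUX's ports tooling. The function names, mirror URLs and key bytes are hypothetical, constructed values.

```python
import hashlib
import ssl
import urllib.request

MAX_KEY_BYTES = 65536  # assumption: public key files are small


def fetch_key(url, timeout=10.0):
    """Fetch one key copy over HTTPS with chain and hostname verification."""
    if not url.lower().startswith("https://"):
        raise ValueError(f"refusing non-HTTPS key source: {url}")
    ctx = ssl.create_default_context()  # verifies certificate and hostname
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        # urllib follows redirects, so confirm we did not end up on plain HTTP.
        if not resp.geturl().lower().startswith("https://"):
            raise ValueError(f"{url} redirected off HTTPS to {resp.geturl()}")
        return resp.read(MAX_KEY_BYTES)


def agree_on_key(copies, quorum):
    """Return (key_bytes, dissenting_sources) if `quorum` sources agree.

    `copies` maps source name -> fetched bytes. `quorum` must be a strict
    majority so that at most one version can reach it.
    """
    if not len(copies) / 2 < quorum <= len(copies):
        raise ValueError("quorum must be a strict majority of the sources")
    by_digest = {}
    for source, data in copies.items():
        # Hash in-process rather than shelling out to sha256sum/md5sum.
        digest = hashlib.sha256(data).hexdigest()
        by_digest.setdefault(digest, []).append(source)
    digest, agreeing = max(by_digest.items(), key=lambda kv: len(kv[1]))
    if len(agreeing) < quorum:
        raise ValueError(f"no key version reached quorum {quorum}: {by_digest}")
    dissenting = sorted(s for s in copies if s not in agreeing)
    return copies[agreeing[0]], dissenting


if __name__ == "__main__":
    # Constructed sample data standing in for three fetch_key() results.
    sample = {
        "https://mirror-a.example/repo.pub": b"constructed-key-1\n",
        "https://mirror-b.example/repo.pub": b"constructed-key-1\n",
        "https://mirror-c.example/repo.pub": b"constructed-key-2\n",
    }
    key, odd = agree_on_key(sample, quorum=2)
    print("accepted key:", key, "dissenting:", odd)
```

A build would abort on the ValueError rather than fall back to any single source, and would log the dissenting list so a stale or tampered mirror gets noticed.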