On Fri, Jan 03, 2014 at 07:21:17PM +0100, Jorge Timón wrote: > On 1/3/14, Troy Benjegerdes <ho...@hozed.org> wrote: > > 'make' should check the hash. > > An attacker could replace that part of the makefile. > Anyway, I think this is more oriented for compiled binaries, not for > people downloading the sources. I assume most of that people just use > git. > > > The binary should check it's own hash. > > I'm afraid this is not possible. > > > The operating system should check the hash. > > There's package management systems like apt-secure that do exactly this.
Yes. Promoting operating systems (and signed .deb packages) is a far better thing to do than worrying about TLS on the bitcoin.org server. ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
