Would the project maintainers be interested in signing the ISOs so we can
verify that we are obtaining them from who we think we are? I torrented, but
this doesn't protect from the posssibilty that the torrent file itself could
get compromised via a MitM attack (not sure about magnet links). Paranoid I
know, but Arch has a PGP signature too, anyway. It would help me feel better at
least! :)
_______________________________________________
Dev mailing list
[email protected]
https://lists.parabola.nu/mailman/listinfo/dev
