My use case is for creating Jails. I'm trying to script downloading and extracting an archive for a jail and would like to be able to verify the download.
On Sun, Jan 10, 2016 at 3:01 PM James Keener <[email protected]> wrote: > That doesn't help if a mirror is compromised or control is lost. Those > already downloaded installers can't update their mirror list. > > Jim > > > On January 10, 2016 2:54:44 PM EST, Dmitry Morozovsky <[email protected]> > wrote: >> >> On Sun, 10 Jan 2016, Clint Armstrong wrote: >> >> The signed checksums linked on that page only include checksums for the >>> .img and .iso images. Not for the .txz archives. >>> >> >> Ah I see. But nevertheless, these .txz's are almost always accessed from the >> installer, which selects only approved mirror from well-defined list, and >> connects to them over TLS... >> >> > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. > _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
