--- Begin Message ---
On Mon, Jan 12, 2026 at 8:27 PM Ross Finlayson <[email protected]>
wrote:
> Note that if you are concerned about the integrity of our source file
> tarball, we also provide a SHA1 fingerprint ("live555-latest-sha1.txt”)
> which you can use to compare against running “sha1” on the “.tar.gz” file.
>
This provides zero integrity guarantees when the SHA1 file is also
distributed by the same unverifiable HTTP connection.
You could put an HTTPS website on port 8443 for distributors while
maintaining your firewall-avoiding sshd on port 443 with minimal technical
difficulty. Or you could use web.live555.com, where you already have a
normal HTTPS on port 443 with valid certificate. Or, as you appear to be
using AWS, you could use CloudFront.
Regards,
Stu.
--- End Message ---
_______________________________________________
live-devel mailing list
[email protected]
http://lists.live555.com/mailman/listinfo/live-devel
