On 30-09-2014 11:56, trondd wrote: > There are SSH fingerprints published for each of the CVS servers. They are published on a clear http page and there is no SSHFP on the dns. You need to access the anoncvs page from different places, using different connections/vpns/proxies, to be sure you are talking to the right anoncvs server. > Alternatively, you use the patch files which are signed. There aren't so > many of them that's it hard to catch up. I use the mtier openup tool and their binpatches. Yes, I'm trusting a third party on this. Have been using it for some time now, and it work great.
Cheers, [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]