Quoth Eddie Carle: > Well, that's why you GPG sign the downloads :) Yes, to an extent, but a nasty person could always sign with their own key, and unless you knew to look out for a signature from me people wouldn't see a problem. I think. Though admittedly this is probably rather unrealistic.
Quoth Sylvain Beucler: > > > I ask partly as very-clever.com appears to be some not-great spam > > site, and I'm not sure I'm that comfortable having the official > > downloads for my project hosted there. > > No vague claims please. > > http://www.very-clever.com/download/nongnu/ looks pretty clean and our > contact there offers the mirroring and bandwidth with no counterparts. > I don't see a reason to complain, but maybe you can precise what is > annoying you. The root of the server is a blog of 'product reviews', all of which are dated January 1st, and look to me like they're there just for amazon referal purposes. Saying that, I suppose that shouldn't really bother me - just lowers my trust somewhat. Thanks for the info. Nick -- GPG Key : www.njw.me.uk/nick.gpg.asc GPG Key ID: 04E4653F GPG Fingerprint: 9732 D7C7 A441 D79E FDF0 94F6 1F48 5674 04E4 653F
