On Thu, 2019-04-04 at 11:13 +0100, Daniel P. Berrangé wrote:
> On Thu, Apr 04, 2019 at 10:51:22AM +0200, Andrea Bolognani wrote:
> > On Wed, 2019-04-03 at 16:42 +0100, Daniel P. Berrangé wrote:
> You mean fix that fact that not everything is signed ?
Yes. Definitely for all releases going forward,
On Thu, Apr 04, 2019 at 10:51:22AM +0200, Andrea Bolognani wrote:
> On Wed, 2019-04-03 at 16:42 +0100, Daniel P. Berrangé wrote:
> > docs: stop advertizing FTP or HTTP for downloads of libvirt
>
> We never advertised HTTP downloads, we only had an HTTPS URL
> incorrectly labeled as "HTTP". So s/or
On Wed, 2019-04-03 at 16:42 +0100, Daniel P. Berrangé wrote:
> docs: stop advertizing FTP or HTTP for downloads of libvirt
We never advertised HTTP downloads, we only had an HTTPS URL
incorrectly labeled as "HTTP". So s/or HTTP // in the subject.
> On the modern internet it is not credible to con
On the modern internet it is not credible to continue to advertize
software downloads over unencrypted connections. Even if users could
theoretically use GPG to verify the signatures, not all our downloads
and signed and few people know how to correctly verify signatures.
Signed-off-by: Daniel P.