Fellow shorewall users, I am new to the list. Please forgive me if this question has been covered already. I searched the archives briefly and checked through the documentation and couldn't find anything.
At the moment, I am attempting to download and install shorewall on a server and would like to ensure that it's a valid copy. I saw that there is a GPG key at https://lists.*shorewall*.net/*shorewall*.*gpg*.key and I thought, "Great! I can check to see that it's valid". Unfortunately, the SSL certificate for https://lists.shorewall.net is self signed, though. Is this how it has been forever, or has the server been hacked? With it being self signed, there's no chain of trust to assure me that the site hasn't been hacked. Could anybody provide me with a copy of the Shorewall GPG key that they consider valid? If it is the normal case that the certificate is self signed, I'd like to suggest that lists.shorewall.net apply for a certificate from http://www.cacert.org/. That would at least provide a chain of trust that I can rely on, even if it's not imported into most browsers. This way, I can assure my client that the code I installed on their server is validly the shorewall that we all know and love rather than a trojan horse. Thanks in advance to those who reply. And thanks to all those who have contributed to and supported shorewall over the years. It has made my job much easier on dozens and dozens of servers. Kind regards, Justis Peters ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
