maintaining a mirror and a cvs sync tree is quite good too. morevover you cloud have some https on your mirror
On Wed, Sep 11, 2013 at 1:53 PM, Valentin Zagura <[email protected]> wrote: > I don't think I'm more paranoid than the average considering that Debian > has a way to do this (http://www.debian.org/CD/verify), fedora has a way > to > do this (https://fedoraproject.org/verify), even Freebsd has a way to do > this ( https://www.freebsd.org/releases/9.1R/announce.html). > > The thought of being more paranoid than an OpenBSD guy is not very > comfortable :) > > > On Wed, Sep 11, 2013 at 8:13 PM, Daniel Bolgheroni <[email protected] > >wrote: > > > On Wed, Sep 11, 2013 at 03:17:20PM +0300, Valentin Zagura wrote: > > > Yes, we know, but that file can also be easily compromised if it's not > > > available for download with a secure protocol (HTTPS) > > > > If you're paranoid, build your own hardware from the ground up, > > including designing your own CPU and complementary circuits, download > > all the sources, audit them all, compile and then run. > > > > You can't be fooled by wrong measurements of security. > > > -- --------------------------------------------------------------------------------------------------------------------- () ascii ribbon campaign - against html e-mail /\
