httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 55808] File integrity verification using MD5 and SHA1
Date Wed, 13 Jan 2016 22:54:33 GMT

--- Comment #8 from Yann Ylavic <> ---
(In reply to fedor.brunner from comment #6)
> So the integrity of the downloaded file would be tied to the TLS security of
> and SHA-1 security.

The user is expected to trust TLS for the route to, from
the integrity of /dist/ (where the original and its digests/signature land),
and finally MD5/SHA1/PGP for the integrity of the tarball.

So a tarball from any other location should still be verified against
digest/signatures from, not mirror's.

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message