Re: [code] [textadept] Secure download and build

From: Mitchell <m.att.foicica.com>
Date: Sat, 2 Jan 2016 14:25:31 -0500 (EST)

Hi,

On Fri, 11 Dec 2015, xsek.att.openmailbox.org wrote:

> So...I've managed to build it with gpg sigs and it is ok (though I
> couldn't wrap the building process into an Arch Linux PKGBUILD, strange errors
> appear while building with makepkg which are not there with a simple make
> command...). Some things concern me anyway - lack of gpg sigs for
> important files like makefile, lua scripts, etc. For me personally it would
> be perfect to distribute one archive with all sources needed to build and a
> signature to that archive, like with stable builds. It's up to Mitchell
> anyway :)

I don't want to distribute such a large archive with all dependency
sources included. Right now the current archives are signed, so any
internal makefiles, lua scripts, etc. are "safe", no? Also, the sigs for
dependencies are also in the archive so when the makefile fetches them,
verifying them should be satisfactory. Perhaps I don't understand what it
is you are asking for though.

> Second thing is that Letsencrypt went live with public beta and is fully
> operational (I checked)! So no more excuses for not having TLS by default on
> foicica.com :)

When it comes out of beta and supports my server setup out of the box, I
will certainly consider using it! Or if Letsencrypt pushes reputable CA
authorities to start issuing free domain certs, I could go down that road
too. startssl was recommended to me, but I don't really trust them.

Cheers,
Mitchell
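
The chain discussed in this message (a signed release archive that carries the dependency signatures, with each fetched dependency checked against them before use), sketched as an added example; it is not part of the original e-mail or of Textadept's build files. The function names, file layout, `GPGV` variable and the pinned keyring file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify-before-use gate for a fetched dependency.
# Assumed (hypothetical) layout: the keyring and the detached .sig files come
# from the release archive that was itself verified; only the dependency
# tarball is downloaded at build time.

# gpgv checks signatures against one explicit keyring only, so keys that
# happen to be in the user's personal keyring are not trusted implicitly.
GPGV="${GPGV:-gpgv}"

# verify_dep KEYRING SIG FILE
# Returns 0 only if SIG is a good detached signature over FILE made by a key
# in KEYRING. Returns 2 if an input is missing, 1 if verification fails.
verify_dep() {
    keyring=$1 sig=$2 file=$3
    # Fail closed: a missing signature or keyring is an error, never a skip.
    for f in "$keyring" "$sig" "$file"; do
        [ -s "$f" ] || { echo "verify_dep: missing or empty: $f" >&2; return 2; }
    done
    # Name both the signature and the data file so nothing is guessed.
    "$GPGV" --keyring "$keyring" "$sig" "$file" >/dev/null 2>&1 || {
        echo "verify_dep: BAD signature for $file" >&2
        return 1
    }
}

# unpack_dep KEYRING SIG TARBALL DEST
# Extracts TARBALL into DEST only after verification has succeeded, so an
# unverified archive is never unpacked or built.
unpack_dep() {
    verify_dep "$1" "$2" "$3" || return $?
    mkdir -p "$4" && tar -xf "$3" -C "$4"
}
```

The keyring passed to `gpgv` should be given as an absolute path and can be the output of `gpg --export` for the maintainer's key.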
