Re: [code] [textadept] Secure download and build

From: <xsek.att.openmailbox.org>
Date: Sat, 09 Jan 2016 00:36:21 +0000

Hi!

> I don't want to distribute such a large archive with all dependency
> sources included. Right now the current archives are signed, so any
> internal makefiles, lua scripts, etc. are "safe", no? Also, the sigs
> for dependencies are also in the archive so when the makefile fetches
> them, verifying them should be satisfactory.

Yes, I think now it is ok as I can see. I'll let you know if I find
something. Thank you very much for your effort! :)

> When it comes out of beta and supports my server setup out of the box,
> I will certainly consider using it! Or if Letsencrypt pushes reputable
> CA authorities to start issuing free domain certs, I could go down
> that road too. startssl was recommended to me, but I don't really
> trust them.

Hm, I think you misunderstand what does "public beta" mean for
letsencrypt. For now:
1. They are issuing valid certificates for 90 days. "Valid" means certs
are signed by reputable CA (IdenTrust?), so it passes browser check. So
if your server support SSL/TLS at all, you can have it.
2. There is console tool for cert requesting with several methods of
proving your domain ownership. All procedure takes SECONDS, then - BAM -
you have your certificates. It is not perfect though, it is lacking
automation in some sort, but it is developing so fast that I think I
might be already wrong about it :)
3. Of course it is free as in freedom to drink free beer :)

You should really go and check docs there
https://letsencrypt.org/howitworks/

Cheers

-- 
You are subscribed to code.att.foicica.com.
To change subscription settings, send an e-mail to code+help.att.foicica.com.
To unsubscribe, send an e-mail to code+unsubscribe.att.foicica.com.
Received on Fri 08 Jan 2016 - 19:36:21 EST

This archive was generated by hypermail 2.2.0 : Sat 09 Jan 2016 - 06:34:21 EST