no need to download unsigned stage3-amd64-hardened-20150108.tar.bz2.DIGESTS when you download --clearsigned stage3-amd64-hardened-20150108.tar.bz2.DIGESTS.asc
#96
Labels
Comments
adrelanos
pushed a commit
to adrelanos/Securix-Linux
that referenced
this issue
Jan 11, 2015
- fixed check gpg before sha512 martinholovsky#94 - fixed gpg --verify is insecure for verification of `--clearsign`ed files, use gpg --decrypt instead martinholovsky#95 - fixed no need to download unsigned stage3-amd64-hardened-20150108.tar.bz2.DIGESTS when you download `--clearsign`ed stage3-amd64-hardened-20150108.tar.bz2.DIGESTS.asc martinholovsky#96
This was referenced Jan 11, 2015
|
#97 solved this. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
unsigned cleartext file:
http://distfiles.gentoo.org/releases/amd64/autobuilds/20150108/hardened/stage3-amd64-hardened-20150108.tar.bz2.DIGESTS
--clearsigned filehttp://distfiles.gentoo.org/releases/amd64/autobuilds/20150108/hardened/stage3-amd64-hardened-20150108.tar.bz2.DIGESTS.asc
There is no need to download the former.
https://github.com/martincmelik/Securix-Linux/blob/14e4fd445235e4bf384fd8ffb65e1c43d7bfe9ac/securix-install/install.sh#L806
The text was updated successfully, but these errors were encountered: