[Dev] New ISO release available?
Luke
g4jc at openmailbox.org
Tue Mar 15 01:58:47 GMT 2016
On 03/14/2016 09:10 PM, fauno wrote:
> Luke <g4jc at openmailbox.org> writes:
>>> I'm referring to https://repo.parabola.nu/iso/2016.03.10/ which is
>>> linked from https://repo.parabola.nu/iso/latest/. It doesn't have any
>>> signature. The /topic only mentions the Mate release.
>>>
>>>
>> Ah I didn't realize this: I wouldn't trust unsigned iso, we need to make
>> sure whomever uploads ISO provides signature + SHA256 at a minimum (See
>> the recent Linux Mint hack for a good example why)
> how is it not worrying that a new iso appears and it isn't signed nor
> announced? D:
>
> please reinstate the old one!
>
Based on the fact no one has come forward and signed the package, it is
a little worrying. We need to audit and figure out who uploaded this in
the first place. If it was not from a trusted developer we should assume
there may have been a security breach and proceed accordingly.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20160314/9a674056/attachment.sig>
More information about the Dev
mailing list