WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Xen signing and wget

from [Keir Fraser] [Permanent Link][Original]
To: Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] Xen signing and wget
From: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Date: Tue, 6 Jul 2010 16:34:49 +0100
Cc: Ian, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Delivery-date: Tue, 06 Jul 2010 08:35:49 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4C334B5C.4090305@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcsdH63GdsUauGtSSR+asC+ZlOXg4QAARchr
Thread-topic: [Xen-devel] Xen signing and wget
User-agent: Microsoft-Entourage/12.24.0.100205 
On 06/07/2010 16:27, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx>
wrote:

>>> But you use plaintext connection, which, in security, means random code.
>>> I think we have already went through this last time when discussing the
>>> signing process for Xen ;)
>> 
>> Okay, then make a patch, including hashes for our current collection of
>> downloads.
> 
> I'm not a Xen developer. I do not sign your tarballs...

Perhaps best then to sign the tarballs we have on xenbits, and verify the
signatures when we download tarballs. Ian Jackson might pick that up as a
work item.

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] [PATCH] rombios: fix implicit assumption that DS == SS, Tim Deegan
Next by Date:  [Xen-devel] [PATCH] rombios: move the stack to 0x9e000 and protect it with an e820 entry, Tim Deegan
Previous by Thread:  Re: [Xen-devel] Xen signing and wget, Joanna Rutkowska
Next by Thread:  Re: [Xen-devel] Xen signing and wget, Joanna Rutkowska
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy