Re: some feedback about security from the user's point of view
Hi Alexander,
fair play, this is a proposition for a narrowed down search:
https://encrypted.google.com/search?num=100&hl=en&lr=lang_en&tbs=lr%3Alang_1en&q=site%3Awww.debian.org+md5+-site%3Awww.debian.org%2FNews+-%22MD5+checksums+of+the+listed%22+-inurl%3Aja.html&aq=f&aqi=&aql=&oq=
It yields about 77 results if I try it. However, I suppose that other languages are equally important to english. How the documentation for the entire debian website is generated is beyond the scope of my involvement here, so I want to return to my original proposition:
We can start with a first step, namely changing the instructions at http://debian.org/CD/faq/#verify
If someone with the authority of changing the debian website would tell me that if I wrote a proposition to change those instructions they would actually follow it up and see to it that the website will get changed, I am prepared to do this. If there is not coming such a green light from the debian development I don't have to bother though, because if it isn't going to make it to the website, I might as well stop wasting my time here.
Further I would consider no longer offering md5 checksums for extra foolproofness. It is not up to me though to evaluate the consequences of such a decision.
Boyd Stephen Smith Jr. <bss@iguanasuicide.net> wrote:
>> In conclusion of this, the highest level of security with which I and many
>> others can obtain debian *in practice* is plain http.
I disagree with that assertion.
Hi Mr Smith,
could you please elaborate your disagreement. Are you referring to the possibilities of buying a preinstalled computer or buying a cd? Or do you actually see any means to download it more secure than http?
greetz
naja
Reply to: