Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    No https/ftps downloads, no pgp/gpg key

    General pfSense Questions
    1
    1
    561
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      storkus last edited by

      Chris and the gang have always had a healthy sense of paranoia (for instance, repeatedly insisting not to use a VM for production), but in the wake of the NSA BS as well as the ever increasing number of attacks, I'm curious why, for something this important security-wise, there isn't additional verification beyond MD5 and SHA256 (and even then, they're also only on the mirrors).  For those of us more paranoid (and also to guard against over-zealous stream compressors such as found on satellite and cellular connections), it seems it may be a good idea to use TLS to download rather than a naked stream, and then a PGP/GPG verification when finished.

      Do you guys think I'm being TOO paranoid, or is this too hard, or what?  I tried a few search terms on the forum, including GPG and PGP, and came up empty, so it would seem no one has though of this before–very surprising to me.  What do you all think?

      Mike

      1 Reply Last reply Reply Quote 0
      • First post
        Last post