4. No https/ftps downloads, no pgp/gpg key

No https/ftps downloads, no pgp/gpg key

  • S

    Chris and the gang have always had a healthy sense of paranoia (for instance, repeatedly insisting not to use a VM for production), but in the wake of the NSA BS as well as the ever increasing number of attacks, I'm curious why, for something this important security-wise, there isn't additional verification beyond MD5 and SHA256 (and even then, they're also only on the mirrors).  For those of us more paranoid (and also to guard against over-zealous stream compressors such as found on satellite and cellular connections), it seems it may be a good idea to use TLS to download rather than a naked stream, and then a PGP/GPG verification when finished.

    Do you guys think I'm being TOO paranoid, or is this too hard, or what?  I tried a few search terms on the forum, including GPG and PGP, and came up empty, so it would seem no one has though of this before–very surprising to me.  What do you all think?

    Mike

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy