[PVE-User] HTTPS for download.proxmox.com

obj@jltechinc.com jeremiah at jltechinc.com
Thu Nov 30 18:23:18 CET 2017


Francesco, please let it go and stop this thread.

There are no more answers to give you on this subject...

-obj


Francesco Ongaro wrote on 11/30/2017 12:12 PM:
> On 30/11/2017 16:44, Fabian Gr├╝nbichler wrote:
>>> Francesco Ongaro <francesco.ongaro at isgroup.it> hat am 30. November 2017 um 16:34 geschrieben:
>>> You are right until you install something manually using dpkg.
>>>
>>> Example:
>>>
>>> http://download.proxmox.com/temp/pve-kernel-4.13.4-1-pve_4.13.4-26~vmxtest1_amd64.deb
>> for which I posted the hash sums on the channel where it was linked (the forum[1]), which is - surprise - only available over TLS ;) this thread is starting to get ridiculous..
>>
>> 1: https://forum.proxmox.com/threads/pve-5-1-kvm-broken-on-old-cpus.37666/#post-185463
> Hi Fabian,
>
> I think that good security is implemented by overlapping multiple
> controls while keeping the workflow simple and convenient for end
> users.
>
> When the cost is low it's often a no-brainer to implement a security
> control.
>
> Checking hashes manually is certainly doable, maybe not that convenient.
>
> Sorry to sound ridiculous to you[1], my opinion is that being able to
> communicate in a professional way is a nice skill to cultivate.
>
> Best regards,
> Francesco
>
> [1] https://wiki.debian.org/SummerOfCode2013/StudentApplications/FabianG
>
> "I am an advocat of free and open source software as well as meaningful
> security solutions for everyone (such as accessable encrypted
> communication methods and secure information storage)."
>



More information about the pve-user mailing list