[conspire] Siduction ... trust path to ISOs?
Michael Paoli
Michael.Paoli at cal.berkeley.edu
Tue Feb 26 22:11:03 PST 2019
Hmmm, Siduction ... trust path to ISOs?
Repeating the earlier mistakes of, e.g. Linux Mint*?
So, ... Siduction ... download ISOs ... they have their ISOs on
(non-Siduction hosted) mirrors ... they have computed hash files
there.
According to their documentation
https://manual.siduction.org/cd-dl-burning
they have .gpg signature files ... but they're conspicuously missing.
Poking around a bit, the issue is brought up on forum:
https://forum.siduction.org/index.php?topic=6538.0
there's even apparently a bug to address it:
https://bugs.siduction.org/issues/1914
but that's broken, as are:
https://bugs.siduction.org/issues/
https://bugs.siduction.org/
http://bugs.siduction.org/
Somehow I find a distro in such state a bit hard to take all that
seriously.
*Linux Mint site got cracked(/"hacked") some years ago, and compromised data,
including ISOs, were on their site for a while ... Linux Mint lacked
signature files for their ISOs. I'd brought that up year(s) earlier
on their forum ... they didn't finally address it until after their
site was compromised.
More information about the conspire
mailing list