Considering the fact that gmane.com isn't secured, both are useless from a secur... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		marcus on May 8, 2010 \| parent \| context \| favorite \| on: GNU Emacs 23.2 released Considering the fact that gmane.com isn't secured, both are useless from a security viewpoint. It would be easier to intercept the request http://permalink.gmane.org/gmane.emacs.announce/17 and change the checksum that appears in the HTML, than to generate a new .tar.gz with the original checksum. If you can't trust that no one tampered with the checksum what good is it???

DrSprout on May 8, 2010 [–]

Quickly checking that you have the latest release in the absence of a good network connection.

Also, you can use mirrors without worrying about the mirrors being tampered with. Obviously if someone does a MITM on you against gmane you're in trouble.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact