[Bro-Dev] #477: Signing releases

Bro Tracker bro at tracker.bro-ids.org
Fri Jun 17 08:34:01 PDT 2011

#477: Signing releases
  Reporter:  robin    |      Owner:
      Type:  Problem  |     Status:  new
  Priority:  Normal   |  Milestone:  Bro1.6
 Component:  Bro      |    Version:  git/master
Resolution:           |   Keywords:
Changes (by robin):

 * version:   => git/master
 * type:  Task => Problem


 On Fri, Jun 17, 2011 at 15:05 -0000, you wrote:

 >  Establishing trust in a PGP public key isn't always a lightweight
 >  operation for users, right?

 Yeah, we should at least all sign they key with out private ones.

 >   If (maybe additionally) the webserver hosting releases has an SSL
 >   cert. issued by a commonly trusted CA, users will find it easier to
 >   just download them or verify checksums over HTTPS.

 That's a good idea in any case, we should generally offer SSL access.
 Does anyone have experience with getting a trustworthy cert and can
 take the lead on that?

Ticket URL: <http://tracker.bro-ids.org/bro/ticket/477#comment:1>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list