On Sun, 03 Aug 2014 14:26:41 +0000 Patrick Schleizer <patrick-mailinglists@xxxxxxxxxx> allegedly wrote: > > As a maintainer of Whonix I like to note, that I am surprised, that > there are any Whonix signature downloads from Whonix mirrors at all. > We directly link Whonix signatures to whonix.org on our download > page. [1] We don't have a link to signatures pointing to mirrors > anywhere. Patrick The mirrors are (of necessity) public servers. They contain copies of the signature files. Inevitably those files will be retrieved at times. It is possible that some of those retrievals are by search engines or other 'bots trawling the web. But it is equally possible that some of the retrievals will have been made by real people - possibly people who simply wanted to get and compare signatures from different sources. The only certain way to ensure that there are no signature downloads from the mirrors (and this applies to tails as well) is to remove those signatures from the rsynch masters. If they ain't there, they can't be copied to the mirrors. Best Mick --------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net ---------------------------------------------------------------------
Attachment:
signature.asc
Description: PGP signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk