On Sun, 30 Nov 2014 17:32:05 -0500 Jason Cooper <tor@xxxxxxxxxxxxxx> wrote: > > It is unauthenticated and you probably shouldn't use it if at all > > possible. > > How does that matter? All of the tags are signed by Nick Mathewson. > This allows the server *and* the path to be untrusted. What about intermediary commits between tagged releases? Yes, signing each commit is possible, and probably even a good idea, but it's not currently done. Regards, -- Yawning Angel
Attachment:
pgpC2lM415SWu.pgp
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev