Download OpenSSH through secure channel?
Ren Siyuan
netheril96 at gmail.com
Mon Oct 13 02:29:54 EST 2014
But how can I verify that the key with which to sign comes from a real OpenSSH developer? For the SSH connection, how do I verify the server?
It is mostly paranoia, because I am sure no hacker would choose such a convoluted way when there are many more easier alternatives to compromise a certain computer. But I thought that the people developing security software would distribute their software almost completely securely.
On Oct 12, 2014, at 23:02, Mark Hahn <hahn at mcmaster.ca> wrote:
>> insecurely and not encrypted. Is there any future plan to distribute
>> OpenSSH over secured channel, such as https?
>
> why? the sources are signed. also, anoncvs is over ssh.
More information about the openssh-unix-dev
mailing list