[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen signing and wget



On 06/07/2010 16:12, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx>
wrote:

> While the Xen sources have recently become digitally signed by xen.org
> (which is just great), there is still a problem that its various
> Makefiles download (and subsequently build) various 3rd party software
> via wget (e.g. ioemmu, grub, tboot, etc). Unless I'm missing something,
> the downloaded 3rd part software is never verified in any way.

We download tarballs from http://xenbits.xensource.com/xen-extfiles rather
than random 3rd party sites. And qemu from our very own git repository also
on xenbits.

 -- Keir




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.