|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Xen signing and wget
On 06/07/2010 16:12, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx> wrote: > While the Xen sources have recently become digitally signed by xen.org > (which is just great), there is still a problem that its various > Makefiles download (and subsequently build) various 3rd party software > via wget (e.g. ioemmu, grub, tboot, etc). Unless I'm missing something, > the downloaded 3rd part software is never verified in any way. We download tarballs from http://xenbits.xensource.com/xen-extfiles rather than random 3rd party sites. And qemu from our very own git repository also on xenbits. -- Keir _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |