[arch-general] [arch-dev-public] todo list for moving http -> https sources

Carsten Mattner carstenmattner at gmail.com
Mon Oct 31 20:27:05 UTC 2016


When it comes to security of online update mechanisms and that of
an index, TUF has a well designed scheme to be safe regardless of
http and plan for eventual leak/theft of signing keys.

I'd suggest anyone interest to have a look.


More information about the arch-general mailing list