[vlc-devel] 0.8.6d Release schedule
rdenis at simphalempin.com
Fri Nov 23 15:31:12 CET 2007
On Fri, 23 Nov 2007 14:04:21 +0100, Rafaël Carré <funman at videolan.org>
> Are the checksums provided through TLS once the videolan.org server has
> been authenticated (still with TLS) ?
I must say, I don't understand how you would authenticate the server
with HTTP/TLS yet pass the data outside of TLS.
> What would be the extra weight of embedding cryptographic software in
> VLC, and then just serve checksums and their signature over an insecure
> channel, then the client do check the checksums' signature with the
> embedded public key ?
OpenPGP is not trivial to implement, or even integrate.
> My point is: TLS is used for transport, but I would prefer a solution
> like the GPG-signing of debian APT repositories.
Of course, OpenPGP would be a lot better than TLS here.
But it ain't going to happen within 0.9.0 let alone 0.8.6d timeframe.
More information about the vlc-devel