[tex-live] GPG message using tlpretest on OSX

Reinhard Kotucha reinhard.kotucha at web.de
Mon Apr 18 22:59:05 CEST 2016


On 2016-04-18 at 21:57:04 +0200, Angelo Graziosi wrote:

 > Norbert Preining wrote:
 > > Are you ready to defend TUG in front of an US court? If not, please
 > > stop bothering us.
 > 
 > I am afraid bothering you, but this is one more reason to remove this 
 > from TL2016...

No, this can never be a reason.

And even if you can convince Norbert to add an option which allows to
control this behavior, everything which enhances security has to be
turned on by default.  Always.

It seems that you prefer convenience to security.  Not a good idea,
IMO.

Checksums are fine in order to ensure file integrity i.e., to make
sure that transmission errors are detected.  If somebody is able to
fake a file, he's able to fake the checksum as well.  So no security
at all.

Hence I like Norbert's idea and appreciate his effort very much.

Regards,
  Reinhard

-- 
------------------------------------------------------------------
Reinhard Kotucha                            Phone: +49-511-3373112
Marschnerstr. 25
D-30167 Hannover                    mailto:reinhard.kotucha at web.de
------------------------------------------------------------------


More information about the tex-live mailing list