|
|
|
|
|
|
by simoncion
3850 days ago
|
|
|
> The OpenSSL team refuses to even use SSL/TLS on their website because "they don't want anyone to get the slightest illusion that it's secure" Eh? 1) Visting http://www.openssl.org automatically redirects me to https://www.openssl.org . 2) The OpenSSL source code is stored in a git repo in GitHub. While this doesn't ensure that the code hasn't been tampered with, git does make it substantially easier to detect tampering than other VCSs do. 3) All of the release tarballs are PGP signed. Verification of the authenticity of these files is just about as automatic as it gets. |
|
|
And if I recall correctly, it was http://openssl.net not https://.
Is it possible there have been some changes in recent years?