by octaspire 3243 days ago
Thank you for the kind words and the feedback!

Some notes on the third point on the list:

* The latest release of Octaspire Dern can be downloaded through a secure HTTPS connection from here:

      https://octaspire.github.io/dern/release.tar.bz2

  The SHA-512 checksum for the latest release can be downloaded from:

      https://octaspire.github.io/dern/checksums

  SHA-512 checksums of all past releases can also be found at: https://octaspire.github.io/dern/


  What I have done in my other asciicasts is this (for example in Dern introduction/tutorial
  at https://asciinema.org/a/123972):

      curl -O octaspire.com/dern/release.tar.bz2
      tar jxf release.tar.bz2
      cd release/*
      curl -O https://octaspire.github.io/dern/checksums
      sha512sum -c checksums

  This is what I have recommended in the manual:

      http://www.octaspire.com/dern/Programming_in_Octaspire_Dern.html

  Both the release and checksums could be downloaded from https://octaspire.github.io/dern/ but
  I thought that downloading them from two different servers (octaspire.com and octaspire.github.io)
  would have the added safety factor that an attacker would have to get access to both distinct servers to
  be able to modify both the release and the checksums. And the checksums are available only through HTTPS,
  even if the release is available through HTTP and HTTPS.

  But I too recommend always checking the checksums. I should not have cut corners while making this video.
  Or at least I should have downloaded the file through HTTPS when not checking the files.
1 comments

I noticed it can be done. I was just pointing out that it wasn't done in the video.
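
The verification step discussed in this thread (`sha512sum -c checksums` run inside the extracted release), as an added example that is not part of the original posts or the Dern project. It goes one step further than the commands above: `sha512sum -c` only checks files named in the list, so the function also rejects a tree containing files the list does not mention. The tree, file names and contents are constructed, and it assumes GNU coreutils and a checksums file kept outside the release directory.

```shell
# Added example; file names and contents below are constructed.
# Assumes GNU coreutils sha512sum and a checksums file kept outside the tree.

# verify_tree DIR CHECKSUMS: succeed only if every listed file matches
# and no file in DIR is missing from the list.
verify_tree() {
    vt_dir=$1
    vt_sums=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")   # absolute path
    # 1. Listed files must exist and match; --strict rejects malformed lines.
    (cd "$vt_dir" && sha512sum -c --strict "$vt_sums") >/dev/null 2>&1 || return 1
    # 2. sha512sum -c says nothing about unlisted files, so compare name sets.
    vt_listed=$(sed -E 's/^[0-9a-f]{128} [ *]//; s|^\./||' "$vt_sums" | sort)
    vt_actual=$(cd "$vt_dir" && find . -type f | sed 's|^\./||' | sort)
    [ "$vt_listed" = "$vt_actual" ]
}

# make_sample WORKDIR: build a constructed release tree plus its checksums file
# (standing in for the list fetched over HTTPS from the second host).
make_sample() {
    mkdir -p "$1/release/src" || return 1
    printf 'int main(void) { return 0; }\n' > "$1/release/src/main.c"
    printf 'constructed readme\n' > "$1/release/README"
    (cd "$1/release" && find . -type f -exec sha512sum {} +) > "$1/checksums"
}

demo() {
    work=$(mktemp -d) || return 1
    make_sample "$work" || return 1
    verify_tree "$work/release" "$work/checksums" && echo "clean tree: OK"
    printf 'tampered\n' >> "$work/release/src/main.c"
    verify_tree "$work/release" "$work/checksums" || echo "modified file: REJECTED"
    make_sample "$work"                      # restore the clean tree and list
    printf 'extra\n' > "$work/release/install.sh"
    verify_tree "$work/release" "$work/checksums" || echo "unlisted file: REJECTED"
    rm -rf "$work"
}
demo
```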