[liberationtech] Passlok's broken security model
Mikael Nordfeldth
mmn at hethane.se
Fri Aug 16 00:16:57 PDT 2013
On tor 15 aug 2013 00:07:22, Francisco Ruiz <ruiz at iit.edu> wrote:
> I guess not, but I'm only using site44 for the time being because it's
> free. I'm also changing the code with some frequency. In a more final
> installation, I'll have my own server. Perhaps you can recommend a shared
> https server that can be trusted?
Not that https can be trusted just because it's https, but I guess you could just use public source repositories. Then you have several kinds of verification possible; https on multiple sites (obscures mitm attacks), hash (compare between two separate https servers), crypto-signature (embed an openpgp public key in the repo).
Public repository sites I use and recommend:
https://gitorious.org
https://github.com
personal git repo
More information about the liberationtech
mailing list