Web site security

All other questions
fletch31337
Posts: 8
Joined: 01 Sep 2010, 07:14

Web site security

Postby fletch31337 » 19 Oct 2015, 02:25

Hi. A couple of security suggestions:

- Sign the ISO images with GPG

- Host the GPG key/cert on the site (using HTTPS) AND in a trusted key server.

- Host the site on HTTPS (or at least the area with the checksums and the main GPG key/cert.)

- When moving an ISO to the "past versions" section, include all the checksums, not just MD5 (whose security is terrible!)

In this post Snowden age, this is becomming more and more important, especially given the number of people I have seen who use and recommend SysRescCD for dealing with simple (but important) security related issues (as I do).

I love SysRescCD and have been using it for years, but these steps would take it to the next level of confidence for me! :)

Thanks.

zebios
Posts: 2
Joined: 22 Nov 2016, 05:00
Contact:

Re: Web site security

Postby zebios » 22 Nov 2016, 05:01

fletch31337 wrote:Hi. A couple of security suggestions:

- Sign the ISO images with GPG

- Host the GPG key/cert on the site (using HTTPS) AND in a trusted key server.

- Host the site on HTTPS (or at least the area with the checksums and the main GPG key/cert.)

- When moving an ISO to the "past versions" section, include all the checksums, not just MD5 (whose security is terrible!)

In this post Snowden age, this is becomming more and more important, especially given the number of people I have seen who use and recommend SysRescCD for dealing with simple (but important) security related issues (as I do).

I love SysRescCD and have been using it for years, but these steps would take it to the next level of confidence for me! :)

Thanks.


+1


Return to “Other”

Who is online

Users browsing this forum: No registered users and 3 guests