|
|
Subscribe / Log in / New account

First Release of LibreSSL Portable Available

First Release of LibreSSL Portable Available

Posted Jul 11, 2014 21:21 UTC (Fri) by rillian (subscriber, #11344)
Parent article: First Release of LibreSSL Portable Available

139ac81c9478accd38a9eb667623d75997a2197cec36f184cd8d23e98a7e475b libressl-2.0.0.tar.gz

...is the version I got from the server. If anyone wants to crowdsource the missing release signature.

to post comments

First Release of LibreSSL Portable Available

Posted Jul 12, 2014 1:09 UTC (Sat) by Siosm (subscriber, #86882) [Link] (6 responses)

No sha256sum, no PGP/GPG signed email. Are they serious? They need to work on their release process.

Note: For what it's worth, I got the same sha256sum.

First Release of LibreSSL Portable Available

Posted Jul 12, 2014 7:07 UTC (Sat) by keeperofdakeys (guest, #82635) [Link] (4 responses)

I'd guess that they only consider this a preview release, not a stable release that they want people to actually use.

First Release of LibreSSL Portable Available

Posted Jul 12, 2014 8:14 UTC (Sat) by Otus (subscriber, #67685) [Link] (1 responses)

Then why did they name it 2.0.0?

First Release of LibreSSL Portable Available

Posted Jul 12, 2014 22:43 UTC (Sat) by busterb (subscriber, #560) [Link]

Gotta start somewhere.

First Release of LibreSSL Portable Available

Posted Jul 12, 2014 23:00 UTC (Sat) by busterb (subscriber, #560) [Link] (1 responses)

Yes - this release is intended for getting initial feedback, reports of build breaks, tell us where we messed up, etc. The release process is still being revised, but we wanted to get some initial feedback ahead of more polished future releases.

If you see LibreSSL 2.0.0 show up in your distro's stable package updates tomorrow, you should probably question the maintainers a little bit.

First Release of LibreSSL Portable Available

Posted Jul 14, 2014 7:52 UTC (Mon) by tedd (subscriber, #74183) [Link]

Aww, and I was just going to check the Arch repository.

First Release of LibreSSL Portable Available

Posted Jul 12, 2014 13:20 UTC (Sat) by tomgj (guest, #50537) [Link]

no PGP/GPG signed email

You may be interested to know that the protocol is called OpenPGP. The two applications you mention implement it, and other applications probably do too.

The following hopefully illustrates the issue by treating the term "email" in the same way:

No PGP/GPG signed Outlook/gmail
vs
No OpenPGP signed email

First Release of LibreSSL Portable Available

Posted Jul 14, 2014 22:55 UTC (Mon) by rillian (subscriber, #11344) [Link]

9596f6cb3e8bafe35d749dfbdb6c984f1bbd86233598eb5fdb4abf854a5792ba libressl-2.0.1.tar.gz

There's now a SHA256.sig which confirms this and the previous checksums. I verified the EC 25519 signature against the published key in the same directory with this port of OpenBSD's package signing tool.

untrusted comment: LibreSSL Portable public key
RWQg/nutTVqCUVUw8OhyHt9n51IC8mdQRd1b93dOyVrwtIXmMI+dtGFe

Continuing the record here until we get a better trust path established.

First Release of LibreSSL Portable Available

Posted Jul 18, 2014 22:19 UTC (Fri) by rillian (subscriber, #11344) [Link]

Published signature also passes for

4d16b6852cbd895ed55737819d2c042b37371f1d80fcba4fb24239eba2a5d72b libressl-2.0.2.tar.gz


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds