[openib-general] creating releases for the libraries you own

[Michael S. Tsirkin]

Quoting r. Roland Dreier <rdreier at cisco.com>:
> Subject: Re: creating releases for the libraries you own
> 
>  > >  > Well, with ~user/html I can easily cook up a perl script to generate a MD5
>  > >  > checksums or sign stuff and just stick them in the same directory as original files.
>  > > 
>  > > But you can do that with any old hosting, can't you?  Or am I missing
>  > > something?
>  > 
>  > This depends on the level of paranoia :) If all files are on the same
>  > server, I only have to trust that server's integrity.
> 
> But we're talking about signed releases, right?  Surely you're not
> going to put your private key on some web server -- you're going to
> sign the packages before you upload them anyway.  So I still don't see
> why I care about web hosting, given how many other places already give
> it to me.

Not me as a developer - me as a user :).

The user already has to trust openfabrics server's integrity since
that's where he got the download link from. So at least the signatures
should be on the openfabrics server too - otherwise its an extra
server to trust, for the user.

And since this means we need web hosting on openfabrics server already,
let's put the packages themselves there, too.

-- 
MST