In order to trust your verification you need to make sure you got the right reference hashes in the first place (i.e. That being said, verifying downloads only displaces the problem. (It’s a notion sometimes called untrusted infrastructure because you don’t need the infrastructure that hosts your packages to be trustworthy in order to ensure the trustworthiness of the packages themselves.) If you can verify the download via hashes, it doesn’t matter where you downloaded it from, that’s the entire point of the verification. Which is the better source? Im guessing the launchpad link has more potential to be compromised? Or alternatively from the veracrypt website downloads page: VeraCrypt - Free Open source disk encryption with strong security for the Paranoid With respect to downloading Veracrypt, would best practices be to download the. rpm from the DisposableVM to the TemplateVM I am assuming the appropriate way to do this in a salt formula would be: I’m trying to get Veracrypt installed in a TemplateVM, however Veracrypt is not available in any repos meaning it needs to be downloaded and installed manually. I’m currently working on a salt formula to setup my Qubes install.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |