On 2014-07-29 02:13, Chris Palmer wrote: > ... > The run-time provable, run-time enforceable way is for sites to serve > download pages and the downloaded files themselves via HTTPS with > valid certificates, and then to make use of (for code downloads) > whatever code-signing mechanism the destination platform provides > (every platform provides some kind of code authentication now). > ... 1) This defeats public caching. 2) It also doesn't help with many types of downloads, such as source archives. Best regards, JulianReceived on Thursday, 4 September 2014 20:32:00 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC