No HTTPS on by default

Dewangga Bachrul Alam dewanggaba at
Mon Aug 22 16:03:55 UTC 2016


On 08/22/2016 10:58 PM, rainer at wrote:
> nginx doesn't provide an auto-update mechanism that stupidly downloads
> and accepts all and everything somebody makes available under some
> spoofed address.

You can use PGP key[1] to verified the binary was correct or "injected"
or "spoofed". Anyway, nginx support auto-update mechanism using
repositories. [2]



> _______________________________________________
> nginx mailing list
> nginx at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 859 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the nginx mailing list