No HTTPS on nginx.org by default
Dewangga Bachrul Alam
dewanggaba at xtremenitro.org
Mon Aug 22 16:03:55 UTC 2016
Hello!
On 08/22/2016 10:58 PM, rainer at ultra-secure.de wrote:
>
> nginx doesn't provide an auto-update mechanism that stupidly downloads
> and accepts all and everything somebody makes available under some
> spoofed address.
You can use PGP key[1] to verified the binary was correct or "injected"
or "spoofed". Anyway, nginx support auto-update mechanism using
repositories. [2]
[1] http://nginx.org/en/pgp_keys.html
[2] http://nginx.org/en/linux_packages.html
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 859 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160822/5f538d57/attachment.bin>
More information about the nginx
mailing list