Hi, folks. Apologies if I'm digging up an old issue that has already
been discussed to death.

It appears that our download page serves llvm and clang binaries over
plain http:

It seems that it's very likely that the sets of people
* who download our binaries, and
* who are targeted for surveillance by strong network attackers
have a nonempty intersection. So serving binaries over http seems...cavalier?

(I see that we do provide .sig files, but we provide no instructions
for verifying them. Moreover there's a bootstrapping problem:
Presumably I need to get llvm's public key from somewhere, but is
*that* served to me in a trustworthy way? But this is all academic,
since I'm sure 99% of people who download our binaries don't go
through the trouble of verifying signatures manually.)

I know none of us are professional sysadmins or anything, but still,
it would be cool if we could do right by our users in this respect.

-Justin
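As an added illustration (not part of Justin's message, and not LLVM's own release tooling) of the verification step the post says is undocumented: a detached .sig check that also pins the signer's key fingerprint, so trust is anchored in a value obtained out of band rather than in whatever key the download page happens to serve. The fingerprint, file names and function names are placeholders/assumptions.

```shell
#!/usr/bin/env bash
# Verify a release tarball against its detached .sig, and additionally
# require that the signing key's primary fingerprint equals a value you
# obtained out of band (from a maintainer, a signed announcement, etc.).
# PLACEHOLDER: this is NOT LLVM's real key fingerprint.
EXPECTED_FPR="0000000000000000000000000000000000000000"

# Normalise a fingerprint: drop spaces, uppercase, so "ab cd" == "ABCD".
normalize_fpr() {
  printf '%s' "$1" | tr -d ' ' | tr '[:lower:]' '[:upper:]'
}

# Return 0 when two fingerprints match after normalisation.
fpr_matches() {
  [ "$(normalize_fpr "$1")" = "$(normalize_fpr "$2")" ]
}

# Pull the primary-key fingerprint out of gpg's machine-readable status
# output (stdin). A VALIDSIG line ends with the primary key fingerprint:
#   [GNUPG:] VALIDSIG <sigfpr> <date> <ts> ... <primary-key-fpr>
primary_fpr_from_status() {
  awk '$2 == "VALIDSIG" { print $NF }'
}

# verify_release TARBALL SIG: needs gpg with the signer's key imported.
# Fails if the signature is bad OR if it was made by an unexpected key,
# which is what closes the "where did I get the key from?" gap.
verify_release() {
  local tarball="$1" sig="$2" status fpr
  status=$(gpg --status-fd 1 --verify "$sig" "$tarball" 2>/dev/null) || {
    echo "signature verification failed for $tarball" >&2; return 1; }
  fpr=$(printf '%s\n' "$status" | primary_fpr_from_status)
  if [ -z "$fpr" ]; then
    echo "gpg reported no VALIDSIG line" >&2; return 1
  fi
  if ! fpr_matches "$fpr" "$EXPECTED_FPR"; then
    echo "signed by unexpected key $fpr (wanted $EXPECTED_FPR)" >&2
    return 1
  fi
  echo "ok: $tarball carries a valid signature from the pinned key"
}

# Example invocation (file names are placeholders):
# verify_release clang+llvm-VERSION.tar.xz clang+llvm-VERSION.tar.xz.sig
```

A good signature alone proves only that *some* key signed the file; the pinned-fingerprint comparison is what makes the result meaningful when the key itself was fetched over the same untrusted channel.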