Hi, folks. Apologies if I'm digging up an old issue that has already
been discussed to death.
It appears that our download page serves llvm and clang binaries over
It seems that it's very likely that the sets of people
* who download our binaries, and
* who are targeted for surveillance by strong network attackers
have a nonempty intersection. So serving binaries over http seems...cavalier?
(I see that we do provide .sig files, but we provide no instructions
for verifying them. Moreover there's a bootstrapping problem:
Presumably I need to get llvm's public key from somewhere, but is
*that* served to me in a trustworthy way? But this is all academic,
since I'm sure 99% of people who download our binaries don't go
through the trouble of verifying signatures manually.)
I know none of us are professional sysadmins or anything, but still,
it would be cool if we could do right by our users in this respect.
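As an added illustration (not part of the original post, and not the LLVM project's own instructions), here is what the missing "how to verify the .sig" step looks like in practice, with the bootstrapping caveat made concrete: `gpg --verify` only proves the file was signed by *some* key in your keyring, so the signer's fingerprint must additionally be checked against a copy obtained out of band. The script assumes GnuPG 2.1 or later on the PATH; it runs entirely in a throwaway GNUPGHOME with a throwaway key, a fake tarball and a fingerprint "pinned" at generation time, all constructed for the demo in place of the project's real release key.

```shell
#!/bin/sh
# Added example: verify a release tarball against its detached .sig, pin the
# signer's fingerprint, and confirm tampering is detected. Throwaway key and
# data only; nothing here touches your real keyring or any real release.
set -eu

verify_demo() {
    workdir=$(mktemp -d)
    export GNUPGHOME="$workdir/gnupg"
    mkdir -m 700 "$GNUPGHOME"

    # 1. Stand-in for the project's release key. A real user would import the
    #    project's published key instead of generating one.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Release Signer (demo) <release@example.invalid>' \
        ed25519 sign never 2>/dev/null
    # The fingerprint you would normally get from a trusted, out-of-band
    # source (printed in docs, a key-signing party, a long-known keyserver
    # entry). Here it is recorded at generation time as a stand-in for that.
    pinned_fpr=$(gpg --batch --with-colons --list-keys 2>/dev/null \
                 | awk -F: '/^fpr:/ { print $10; exit }')

    # 2. Stand-in for the release tarball and its detached signature.
    printf 'pretend this is clang+llvm-X.Y.Z.tar.xz\n' > "$workdir/release.tar.xz"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --detach-sign --output "$workdir/release.tar.xz.sig" \
        "$workdir/release.tar.xz" 2>/dev/null

    # 3. Verify. Exit status 0 alone is not enough: it means "valid signature
    #    by a key I have", not "by the key I expect". Read the machine-readable
    #    status and require VALIDSIG to name the pinned fingerprint.
    status=$(gpg --batch --status-fd 1 --verify \
                 "$workdir/release.tar.xz.sig" "$workdir/release.tar.xz" 2>/dev/null || true)
    if printf '%s\n' "$status" | grep -q "^\[GNUPG:\] VALIDSIG $pinned_fpr "; then
        good=ok
    else
        good=FAIL
    fi

    # 4. Flip one byte of the tarball; the unchanged .sig must now be rejected.
    printf 'x' | dd of="$workdir/release.tar.xz" bs=1 seek=0 conv=notrunc 2>/dev/null
    if gpg --batch --verify "$workdir/release.tar.xz.sig" "$workdir/release.tar.xz" 2>/dev/null; then
        tampered=FAIL
    else
        tampered=ok
    fi

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$workdir"
    printf '%s %s\n' "$good" "$tampered"
}

verify_demo   # prints "ok ok": pinned signer matched, tampered file rejected
```

The fingerprint check in step 3 is the part that a plain `gpg --verify` in a download-page instruction would leave out, and it is exactly where the bootstrapping problem lives: if both the binary and the key were fetched over the same untrusted channel, an attacker who can swap one can swap the other, and the signature proves nothing.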