zlacker

[parent] [thread] 3 comments
1. firest+(OP)[view] [source] 2025-12-06 15:40:53
You can use this site

https://distro.ibiblio.org/tinycorelinux/downloads.html

And all the files are here

https://distro.ibiblio.org/tinycorelinux/16.x/x86/release/

Under a HTTPS connection. I am not at a terminal to check the cert with OpenSSL.

I don’t see any way to check the hash OOB

Also this same thing came up a few years ago

https://www.linuxquestions.org/questions/linux-newbie-8/reli...

replies(1): >>maccar+a4
2. maccar+a4[view] [source] 2025-12-06 16:13:22
>>firest+(OP)
Is that actually tiny core? It’s _likely_ it is, but that’s not good enough.

> this same thing came up a few years ago

Honestly, that makes this inexcusable. There are numerous SSL providers available for free, and if that’s antithetical to them, they can use a self signed certificate and provide an alternative method of verification (e.g. via mailing list). The fact they don’t take this seriously means there is 0 chance I would install it!

Honestly, this is a great use for a blockchain…

replies(1): >>firest+e6
◧◩
3. firest+e6[view] [source] [discussion] 2025-12-06 16:29:57
>>maccar+a4
I usually only install on like a Raspberry Pi or VM for these toy distros

Are any distros using block chain for this ?

I am used to using code signing with HSMs

replies(1): >>maccar+kj
◧◩◪
4. maccar+kj[view] [source] [discussion] 2025-12-06 18:19:15
>>firest+e6
I’d install it as a VM maybe,

> are any sisters using blockchain

I don’t think so, but it’s always struck me as a good idea - it’s actual decentralised verification of a value that can be confirmed by multiple people independently without trusting anyone other than the signing key is secure.

> I am used to code signing with HSMs

Me too, but that requires distributing the public key securely which… is exactly where we started this!

[go to top]