On 2014-10-12 08:52, Ren Siyuan wrote: > I am trying to download a version of OpenSSH newer than the one preinstalled with my OS. But sadly I find that I can only download it through *unsecured* plain http/ftp/rsync protocol, vulnerable to attacks by anyone in the network path. It is odd that *the* software about security and encryption across untrusted network is distributed to everyone insecurely and not encrypted. Is there any future plan to distribute OpenSSH over secured channel, such as https? Are you saying you cannot trust the checksum posted on openssh.com? -- Yves. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev