[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Signature for Source code

From: Tim.Einmahl
Subject: Re: Signature for Source code
Date: Wed, 27 Apr 2016 12:57:36 +0000

Hi Martin,

yes, I know, but what if someone was able to break into the download server? 
He/she could put a malicious monit source code there and of course also change 
the checksum file. So from a security point of view, it would be useful to be 
able to verify the authenticity and integrity of a program by verifying the 
signature of it before installing it into production.


>>Hi Tim,

>>we distribute an sha256 checksum with each source code and binary release, 
>>can check the archive consistency using a checksum: 


> On 26 Apr 2016, at 16:28, address@hidden wrote:
>  Hi,
> I would really appreciate a digital signature for the monit source code for 
> security reasons, so I can be sure it hasn't been tampered with by someone.
> Regards
> Tim
> --
> To unsubscribe:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]