|Subject:||Re: Signature for Source code|
|Date:||Wed, 27 Apr 2016 09:22:24 -0400|
yes, I know, but what if someone was able to break into the download server? He/she could put a malicious monit source code there and of course also change the checksum file. So from a security point of view, it would be useful to be able to verify the authenticity and integrity of a program by verifying the signature of it before installing it into production.
>>we distribute an sha256 checksum with each source code and binary release, you
>>can check the archive consistency using a checksum:
> On 26 Apr 2016, at 16:28, address@hidden wrote:
> I would really appreciate a digital signature for the monit source code for
> security reasons, so I can be sure it hasn't been tampered with by someone.
> To unsubscribe:
|[Prev in Thread]||Current Thread||[Next in Thread]|