Re: Signature for Source code
From: Martin Pala
Subject: Re: Signature for Source code
Date: Wed, 27 Apr 2016 15:22:36 +0200
OK, makes sense, we can add it.
Regards,
Martin
> On 27 Apr 2016, at 14:57, address@hidden wrote:
>
> Hi Martin,
>
> yes, I know, but what if someone was able to break into the download server?
> He/she could put a malicious monit source code there and of course also
> change the checksum file. So from a security point of view, it would be
> useful to be able to verify the authenticity and integrity of a program by
> verifying the signature of it before installing it into production.
>
> Regards
> Tim
>
>
>>> Hi Tim,
>
>>> we distribute an sha256 checksum with each source code and binary release,
>>> you can check the archive consistency using a checksum:
>>> https://mmonit.com/monit/dist/
>
>>> Regards,
>>> Martin
>
>
>> On 26 Apr 2016, at 16:28, address@hidden wrote:
>>
>> Hi,
>>
>> I would really appreciate a digital signature for the monit source code for
>> security reasons, so I can be sure it hasn't been tampered with by someone.
>>
>> Regards
>> Tim
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general
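
The difference discussed in this thread, as an added example that is not part of the original messages and not monit project code: a checksum stored beside the archive still matches after both are replaced on the server, while a detached signature checked against a public key obtained out of band does not. Ed25519 stands in for whatever signature scheme a project would actually use; the `Release` type, the function names and the archive contents are hypothetical and constructed for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Release is what a download server hands out: the archive plus the
// integrity data published next to it. All contents are constructed samples.
type Release struct {
	Archive  []byte
	Checksum [32]byte // SHA-256 file stored on the same server
	Sig      []byte   // detached signature stored on the same server
}

// Publish builds a release by hashing and signing the archive with the
// given private key (the maintainer's key never leaves their machine).
func Publish(archive []byte, priv ed25519.PrivateKey) Release {
	return Release{archive, sha256.Sum256(archive), ed25519.Sign(priv, archive)}
}

// Tamper models the scenario from the thread: someone with write access to
// the download server regenerates every file there, but can only sign with
// a key of their own, not with the maintainer's.
func Tamper(archive []byte, ownKey ed25519.PrivateKey) Release {
	return Publish(archive, ownKey)
}

// ChecksumOK compares the archive with the checksum from the same server.
func ChecksumOK(r Release) bool {
	sum := sha256.Sum256(r.Archive)
	return bytes.Equal(sum[:], r.Checksum[:])
}

// SignatureOK verifies against a public key the user pinned out of band.
func SignatureOK(r Release, pinned ed25519.PublicKey) bool {
	return ed25519.Verify(pinned, r.Archive, r.Sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // maintainer key pair
	_, other, _ := ed25519.GenerateKey(nil)  // key held by the intruder
	good := Publish([]byte("constructed monit source archive"), priv)
	bad := Tamper([]byte("constructed archive with altered code"), other)
	fmt.Println("genuine: ", ChecksumOK(good), SignatureOK(good, pub))
	fmt.Println("replaced:", ChecksumOK(bad), SignatureOK(bad, pub))
}
```

The signature check only helps if the pinned public key comes from somewhere other than the download server itself.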