Re: Signature for Source code

monit-general

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Signature for Source code

From:	Martin Pala
Subject:	Re: Signature for Source code
Date:	Wed, 27 Apr 2016 15:22:36 +0200

OK, makes sense, we can add it.

Regards,
Martin


> On 27 Apr 2016, at 14:57, address@hidden wrote:
> 
> Hi Martin,
> 
> yes, I know, but what if someone was able to break into the download server? 
> He/she could put a malicious monit source code there and of course also 
> change the checksum file. So from a security point of view, it would be 
> useful to be able to verify the authenticity and integrity of a program by 
> verifying the signature of it before installing it into production.
> 
> Regards
> Tim
> 
> 
>>> Hi Tim,
> 
>>> we distribute an sha256 checksum with each source code and binary release, 
>>> you 
>>> can check the archive consistency using a checksum: 
>>> https://mmonit.com/monit/dist/
> 
>>> Regards,
>>> Martin
> 
> 
>> On 26 Apr 2016, at 16:28, address@hidden wrote:
>> 
>> Hi,
>> 
>> I would really appreciate a digital signature for the monit source code for 
>> security reasons, so I can be sure it hasn't been tampered with by someone.
>> 
>> Regards
>> Tim
>> 
>> 
>> 
>> --
>> To unsubscribe:
>> https://lists.nongnu.org/mailman/listinfo/monit-general
> 
> 
> 
> 
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general

[Prev in Thread]

Current Thread

[Next in Thread]

Signature for Source code, Tim.Einmahl, 2016/04/26
- Re: Signature for Source code, Martin Pala, 2016/04/27
- Re: Signature for Source code, Tim.Einmahl, 2016/04/27
  - Re: Signature for Source code, Russell Simpkins, 2016/04/27
  - Re: Signature for Source code, Martin Pala <=

Prev by Date: Re: Signature for Source code
Next by Date: Re: Monit starting out without monitoring (Martin Pala)
Previous by thread: Re: Signature for Source code
Next by thread: Re: Monit starting out without monitoring (Martin Pala)
Index(es):
- Date
- Thread