Jump to content
Sign in to follow this  
Guest photoman


Recommended Posts

I agree a download checksum is needed. If it's in your site, I can't find it, and I didn't see it at the download sites.

It should not be difficult for your release team to integrate into their build process, assuming it's automated with make or Ant or something like that.

You could generate an md5, sha1, or sha256 checksum using a program like md5deep (or sha1deep or sha256deep) available from http://md5deep.sourceforge.net .

I don't know what latitude your download sites give you in including a checksum or a signature file on the download pages, but it should be at each of them. True, Megaload.com requires code entry, but that protects them, not the person downloading the file.

At the very least, you could include it on your download page. (However, if you have it at each of the download sites, it would be much harder for a cracker to forge all of them.)

Use of binary signatures would be better yet. In this case you would include the associated rsa file and key file, after your have posted your key to a key server (e.g., keyserver.net)

Perhaps you've confronted this, and have legitimate reasons for having forgone the such a practice. However, as easy as it is, I'll make the (probably mistaken) assumption that it's for lack of requests, or something like that.

A good example is at http://www.chiark.greenend.org.uk/~sgta ... /keys.html (Putty is an OpenSSH implementation).


P.S. I'm simply trying to be informative and, at the same time, trying to promote the use of safe networking practices. My apologies if this post sounded preachy (after all you didn't ask for it). It's not meant that way at all.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.