Need hash sums for .EXE if from sourceforge
Dave Warren
lists at hireahit.com
Thu May 31 19:45:04 EDT 2012
On 5/31/2012 4:17 PM, Mark Doliner wrote:
> I could always create gpg signatures of the .exe files the same way we
> do for the tar balls.
That's probably worthwhile for all 6 users who will bother to check it.
Plus the reality of it, at least from my point of view, is that unless
the GPG signature is distributed in a significantly different fashion
from the EXE itself, it can be tampered with by anyone who has access to
update the EXE itself.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
More information about the Support
mailing list