[Pidgin] Are the packages signed modified

Pidgin trac at pidgin.im
Sun Oct 19 16:59:30 EDT 2014


Page "Are the packages signed" was changed by datallah
Diff URL: <https://developer.pidgin.im/wiki/Are%20the%20packages%20signed?action=diff&version=7>
Revision 7
Comment: Add my new code signing certificate thumbprint
Changes:
-------8<------8<------8<------8<------8<------8<------8<------8<--------
Index: Are the packages signed
=========================================================================
--- Are the packages signed (version: 6)
+++ Are the packages signed (version: 7)
@@ -1,8 +1,8 @@
 == What is a signature and why should I check it? ==
 
-The fact that you're using pidgin means that you have some level of trust in the authors, but It's not beyond the realm of possibility that someone else could make an "evil" patched version of pidgin which would steal your sensitive data without your knowledge.
+The fact that you're using pidgin means that you have some level of trust in the authors, but it's not beyond the realm of possibility that someone else could make an "evil" patched version of pidgin which would steal your sensitive data without your knowledge.
 
-When you download a file from the internet, unless you take additional steps, you don't have a good way of knowing if the file may have been tampered with.  If you were to somehow end up with the "evil" version instead of the official release, how would you know the difference?
+When you download a file from the internet, unless you take additional steps, you don't have a good way of knowing if the file has been tampered with.  If you were to somehow end up with the "evil" version instead of the official release, how would you know the difference?
 
 This is where signatures come in - file signatures are very similar in principle to the idea behind signing both the back of your credit card, and a credit card receipt (pretending that the signature on a credit card receipt isn't trivially easy to forge for the purpose of this example).  The signature can be used to verify that the file came from whom it was expected to come.
 
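Review bot: both rewritten sentences in this hunk still spell the project name as lower-case "pidgin" ("you're using pidgin", "patched version of pidgin"), while the Windows section of the same page writes "Pidgin 2.10.7". Since these two lines are already being touched for grammar, capitalise the name here as well so the page is consistent.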
@@ -32,7 +32,9 @@
 
 === Windows Installers ===
 As of Pidgin 2.10.7, the various Windows binaries are signed in two ways.
- * the installers and `pidgin.exe` are signed using the [http://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx Microsoft Authenticode] signing mechanism by Daniel Atallah using a certificate with a thumbprint of `C5476901C3C63FABF54CEBA9E3F887932A9579B5`
+ * the installers and `pidgin.exe` are signed using the [http://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx Microsoft Authenticode] signing mechanism by Daniel Atallah using a certificate with a thumbprint of one of the following:
+  * Pidgin 2.10.7 - 2.10.9: `C5476901C3C63FABF54CEBA9E3F887932A9579B5`
+  * Pidgin 2.10.10+: `45b37f151a113d5070036421370813b9fba5cb13`
  * all distributed packages (installers, debug symbols, binary zip file, gtk bundle zip file) are signed with [http://www.gnupg.org/ GPG] by Daniel Atallah (`DE890574`).
 
 The authenticode signature can be verified most easily by using Windows Explorer to look at the Properties of the installer executable.
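Review bot: the two thumbprints in the new sub-list are written in different cases, upper-case hex for 2.10.7 - 2.10.9 and lower-case hex for 2.10.10+, which makes a by-eye comparison against the certificate details harder than it needs to be. Use one case for both entries and state that the comparison is case-insensitive. The entries also do not name the hash algorithm the thumbprint is computed with. The unchanged sentence that follows tells the reader only to look at the Properties of the installer, not to compare the thumbprint shown there with the entry for their version. One added sentence after the list would cover both.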
-------8<------8<------8<------8<------8<------8<------8<------8<--------

--
Page URL: <https://developer.pidgin.im/wiki/Are%20the%20packages%20signed>
Pidgin <https://pidgin.im>

This is an automated message. Someone added your email address to be
notified of changes on 'Are the packages signed' page.
If it was not you, please report to datallah at pidgin.im.

