Closed Yurisu1 closed 7 years ago
It's clearly malicious not to use https and digital signatures (or other means of authentication) in 2017. We cannot be sure that the binaries came from the author and were not altered on the way.
One-core-binaries could be recognized as a trojan because I must edit native DLLs. And it is based on WRAPPERS!!! Wrappers are components that represent others, invoking the real components. As for it being malicious, of course not. I have worked every day for about 4 years on this system without payment, and I pay for a host for the files, so I really can't use https, digital signatures. It would come out of my pocket, and it would take more of my life than the project should take. It is sad to lack recognition. Use it if you wish to use it.
"I really can't use https": maybe. BTW, Let's Encrypt certs are free. "digital signatures": You can. Use gpg. It's free. It is not an x509 cert depending on PKI. Just generate a long enough gpg key and get your friends, friends of your friends and well-known FOSS developers to sign it. Then upload it to a public keyserver and mirror it on your website (use https to deliver the key and its fingerprints) and GitHub account (GitHub also has a field to paste your gpg key to verify your commits). Then you should sign your commits using the key and sign your releases using the same key. In this way the key will be bound to your website, GitHub account and web of trust, so it will get some amount of trustworthiness.
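The download-side half of the gpg advice in the comment above, as an added example that is not part of the original thread or the project: check a detached signature and accept the file only if the signing key matches a fingerprint pinned from the author's https page. The function names, the `.asc` file name and the fingerprints used with them are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not the project's code): verify a release against a pinned
# OpenPGP fingerprint instead of trusting whatever key is in the keyring.
#
# Publisher side, once per release (creates one-core-x86.rar.asc):
#   gpg --armor --detach-sign one-core-x86.rar

# Strip whitespace and uppercase, so "0123 4567 ..." compares equal.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' \t\r\n' | tr '[:lower:]' '[:upper:]'
}

# Reads `gpg --status-fd` output on stdin. Succeeds only if a VALIDSIG line
# names the pinned key, either as the signing (sub)key fingerprint (field 3)
# or as the primary key fingerprint (field 12).
status_matches_fpr() {
  local pinned
  pinned=$(normalize_fpr "$1")
  # Refuse short or long key IDs: they are too easy to collide.
  [ "${#pinned}" -ge 40 ] || return 2
  awk -v want="$pinned" '
    $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
      if (toupper($3) == want || toupper($12) == want) ok = 1
    }
    END { exit !ok }'
}

# verify_release FILE SIGNATURE PINNED_FINGERPRINT
# The author's public key must already be imported (gpg --import key.asc).
verify_release() {
  local file="$1" sig="$2" pinned="$3" status
  # gpg exits non-zero on a bad or unverifiable signature.
  status=$(gpg --batch --status-fd 1 --verify "$sig" "$file" 2>/dev/null) || return 1
  printf '%s\n' "$status" | status_matches_fpr "$pinned"
}
```

Usage: `verify_release one-core-x86.rar one-core-x86.rar.asc "<fingerprint copied from the https page>"`; a zero exit status means the signature is good and was made by the pinned key.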
one-core-x86.rar is recognized as a trojan by several antivirus programs: https://virustotal.com/nn/file/0cac4b8a32f880373649ecd40da53f3ac4a92bf4c5326640b26ea35da57eac02/analysis/ If this is not true, an explanation should be added to the documentation.