Threats against software development projects are on the rise, and this problem is especially relevant to privacy tools like Ricochet Refresh.
Older versions of Ricochet Refresh came with GPG signatures. However, I can't find any GPG signatures or hashes with the newer releases.
To enable users to check that their downloads are indeed what the developers have released and not malware, please provide GPG signatures. If appropriate, cryptographically secure hashes that are signed.
morganava
commented
2 years ago
Threats against software development projects are on the rise, and this problem is especially relevant to privacy tools like Ricochet Refresh.
Older versions of Ricochet Refresh came with GPG signatures. However, I can't find any GPG signatures or hashes with the newer releases.
To enable users to check that their downloads are indeed what the developers have released and not malware, please provide GPG signatures. If appropriate, cryptographically secure hashes that are signed.