xehonu / skipfish

Automatically exported from code.google.com/p/skipfish
Apache License 2.0
0 stars 0 forks source link

Hash Value for Download? #48

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Our security officer is nervous about our downloading OSS products. He's 
afraid the code might be tampered with. Would it be possible provide a 
hash value for the downloads? It would ease his mind.

Original issue reported on code.google.com by ll...@yahoo.com on 31 Mar 2010 at 5:52

GoogleCodeExporter commented 8 years ago
You can download over https:

https://skipfish.googlecode.com/files/skipfish-1.27b.tgz

I am not sure what else would a hash prove beyond that. If you don't trust the
package, it should be very easy to audit the code, as this app is pretty 
compact.

Original comment by lcam...@google.com on 31 Mar 2010 at 6:22

GoogleCodeExporter commented 8 years ago

Original comment by lcam...@gmail.com on 31 Mar 2010 at 6:23

GoogleCodeExporter commented 8 years ago
Yes a hash doesn't help much. Try adding a *.asc with gpg2 --detach-sign 
--armor,
all the security types do that ;-)

Original comment by n3npq....@gmail.com on 5 Jul 2010 at 4:45