Re: leaks in our only-signed-software fortress
On 18.02.2012 14:40, Neil Williams wrote:
>> I think as a start it should be made a policy that any "wrapper"
>> that downloads code from the net must at least do a strong checksum check
> Not possible to enforce as a 'MUST' because, by definition,
> websites will not provide checksums for every possible download
Well it's still possible then,... the maintainer can just calculate
sums on his own.
Of course this does not mean things are secure (the maintainer could
already use a forged version)... but at least it helps against single MITM
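
The policy discussed in this message, shown as an added example that is not part of the original thread or of any Debian package: a wrapper's install step that accepts a download only if it matches a SHA-256 the maintainer computed and shipped inside the signed package. The function name, the paths and the pinned value (SHA-256 of the constructed sample `hello\n`) are assumptions.

```shell
#!/bin/sh
# Checksum pinned by the maintainer at packaging time and shipped inside the
# signed package. Constructed sample value: SHA-256 of the 6 bytes "hello\n".
PINNED_SHA256="5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03"

# install_if_pinned SRC DEST EXPECTED   (hypothetical helper name)
# SRC is the file the wrapper has already downloaded. It is copied to DEST
# only if its SHA-256 equals EXPECTED (64 lowercase hex digits).
# Returns 0 = installed, 1 = checksum mismatch, 2 = bad pin or missing file.
install_if_pinned() {
    src=$1
    dest=$2
    expected=$3

    # Fail closed on a malformed or empty pin, so an unset variable can
    # never compare equal to a failed hash computation.
    case $expected in
        ""|*[!0-9a-f]*) echo "bad pinned checksum" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad pinned checksum" >&2; return 2; }
    [ -f "$src" ] || { echo "missing download: $src" >&2; return 2; }

    actual=$(sha256sum -- "$src" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $src: got $actual" >&2
        rm -f -- "$src"    # do not leave the unverified file lying around
        return 1
    fi

    # Stage next to DEST and rename, so DEST is never a partial copy.
    tmp="$dest.tmp.$$"
    cp -- "$src" "$tmp" && mv -- "$tmp" "$dest"
}
```

As the message notes, this only ties the download to what the maintainer saw when computing the sum; it does not help if that copy was already forged.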