Menu
▾
▴
#13 Please make tgz-archive verifiable
Would it be possible to have the tgz-archive (collada-dom-2.4.0.tgz) being signed using GnuPG or another OpenPGP-compatible program? Downloading an unsigned file via http can be changed by anyone on the way from sourceforge to your own ISP, so you cannot be sure that there isn't someone injecting malicious code when you download the archive.
