Status: open
Group:
Created: Fri Feb 04, 2022 06:04 PM UTC by Kirk
Last Updated: Fri Feb 04, 2022 06:04 PM UTC
Owner: Igor Pavlov
7zip binary files are not digitally signed. Without a digital signature
it's difficult to ensure the file has not been tampered with. Please
consider signing your binary files with something. PGP works just fine.
You would be more helpful to spell out ALL the steps they need to follow (including getting the cert) - they're not signing things because they probably don't know how!
You can find a hash of the file in the Sourceforge files section, click the (i) icon in the file list.
You can't do hash checks when the binaries are included as part of another
package. But more importantly when doing application whitelisting it's a
much better practice to approve a certificate.
On Fri, Mar 11, 2022, 10:39 AM Anders anders_k@users.sourceforge.net
wrote:
Related
Bugs: #2325
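The allowlisting point raised in this thread, as an added example that is not part of the original ticket or the 7-Zip project: it reports whether each binary can be covered by a publisher (certificate) rule or only by a per-file hash rule, then builds an AppLocker policy that falls back to hashes for unsigned files. The install directory and the function name `Get-AllowListRuleCandidate` are assumptions.

```powershell
# Added example. The directory below is an assumed install location.
$dir = 'C:\Program Files\7-Zip'

function Get-AllowListRuleCandidate {
    param(
        [Parameter(Mandatory)]
        [string[]]$Path
    )
    foreach ($p in $Path) {
        # Authenticode status is 'Valid' only for a signed, trusted, unmodified file.
        $sig    = Get-AuthenticodeSignature -FilePath $p
        $signed = $sig.Status -eq 'Valid'
        [pscustomobject]@{
            Path            = $p
            SignatureStatus = $sig.Status
            Signer          = if ($signed) { $sig.SignerCertificate.Subject } else { $null }
            # A hash rule pins exactly this build and must be redone on every update.
            SHA256          = (Get-FileHash -Path $p -Algorithm SHA256).Hash
            # A publisher rule keeps matching future builds signed by the same certificate.
            RuleType        = if ($signed) { 'Publisher' } else { 'Hash' }
        }
    }
}

$files = Get-ChildItem -Path $dir -Recurse -Include *.exe, *.dll
Get-AllowListRuleCandidate -Path $files.FullName |
    Format-Table Path, SignatureStatus, RuleType -AutoSize

# Build the policy: publisher rules where a signature exists, hash rules otherwise.
Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Dll |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Xml |
    Out-File -FilePath .\7zip-applocker.xml -Encoding utf8
```

Every file that lands in the `Hash` column needs its rule regenerated whenever the binary changes, including when it is repackaged inside another product.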