
#18 Downloads are not signed

open
nobody
None
5
2011-01-28
2011-01-28
John Doe XI
No

Please PGP sign the download files. I have no particular reason to trust the integrity of the SourceForge mirror network. As recent events have demonstrated, the SourceForge chain is not immune to security breaches. Signing the distributables would strengthen a few links of this chain. It is unfortunate that SourceForge does not encourage signing - as evidenced by very few SF hosted projects appearing to apply this best practice.
