In message <[EMAIL PROTECTED]> Paul Kosinski
<[EMAIL PROTECTED]> was claimed to have wrote:
>When I go to the download page for ClamAV at SourceForge,
>I observe that the signature file ("clamav-0.*.*.tar.gz.sig")
>is downloaded less than 10% of the time that the source code
>("clamav-0.*.*.tar.gz") is downloaded. I find this strange,
>especially for anti-malware software, whose users presumably
>think about security more than the average SourceForge visitor.
If you can't trust SourceForge for the source, what makes you think you
can trust the signature file?
Anyone in a position to compromise one would almost definitely be able
to compromise the other.
--
Dave Warren, [EMAIL PROTECTED]
Office: (403) 775-1700 / (888) 300-3480
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
