Hi Martin, yes, I know, but what if someone was able to break into the download server? He/she could put a malicious monit source code there and of course also change the checksum file. So from a security point of view, it would be useful to be able to verify the authenticity and integrity of a program by verifying the signature of it before installing it into production.
Regards Tim >>Hi Tim, >>we distribute an sha256 checksum with each source code and binary release, >>you >>can check the archive consistency using a checksum: >>https://mmonit.com/monit/dist/ >>Regards, >>Martin > On 26 Apr 2016, at 16:28, address@hidden wrote: > > Hi, > > I would really appreciate a digital signature for the monit source code for > security reasons, so I can be sure it hasn't been tampered with by someone. > > Regards > Tim > > > > -- > To unsubscribe: > https://lists.nongnu.org/mailman/listinfo/monit-general -- To unsubscribe: https://lists.nongnu.org/mailman/listinfo/monit-general
