Tim,

If that's your concern - wouldn't it be smarter to run the source code through your own source code analysis tool before running it in a safe environment to verify it's secure/safe? Then if it works you can install it in development, then staging before pushing the code to your production environment.

Russ

On Wed, Apr 27, 2016 at 8:57 AM, <[email protected]> wrote:

> Hi Martin,
>
> yes, I know, but what if someone was able to break into the download
> server? He/she could put a malicious monit source code there and of course
> also change the checksum file. So from a security point of view, it would
> be useful to be able to verify the authenticity and integrity of a program
> by verifying the signature of it before installing it into production.
>
> Regards
> Tim
>
> >>Hi Tim,
> >>
> >>we distribute an sha256 checksum with each source code and binary release, you
> >>can check the archive consistency using a checksum:
> >>https://mmonit.com/monit/dist/
> >>
> >>Regards,
> >>Martin
>
> > On 26 Apr 2016, at 16:28, address@hidden wrote:
> >
> > Hi,
> >
> > I would really appreciate a digital signature for the monit source code for
> > security reasons, so I can be sure it hasn't been tampered with by someone.
> >
> > Regards
> > Tim
> >
> > --
> > To unsubscribe:
> > https://lists.nongnu.org/mailman/listinfo/monit-general
>
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general
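
The difference between the checksum and the signature discussed in this thread, as an added example that is not part of the original messages or of the monit project's release process. It assumes `sha256sum` and `openssl` are installed; the file names, file contents and key pair are constructed for the demo, and the `offline` directory stands in for a signing key that never touches the download server.

```shell
#!/bin/sh
# Added example: constructed files and keys, not monit's real release artifacts.

# Build a constructed "release": archive, checksum file, detached signature.
# The private key lives under offline/, i.e. not on the download server.
make_release() {
    dir=$1
    mkdir -p "$dir/server" "$dir/offline"
    printf 'original source\n' > "$dir/server/release.tar.gz"
    (cd "$dir/server" && sha256sum release.tar.gz > release.tar.gz.sha256)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/offline/signing.key" 2>/dev/null
    openssl pkey -in "$dir/offline/signing.key" -pubout \
        -out "$dir/offline/signing.pub"
    openssl dgst -sha256 -sign "$dir/offline/signing.key" \
        -out "$dir/server/release.tar.gz.sig" "$dir/server/release.tar.gz"
}

# Model the scenario raised in the thread: the archive on the server changes
# and the checksum file is regenerated to match. No private key is available
# on the server, so the signature cannot be regenerated.
tamper_on_server() {
    dir=$1
    printf 'modified source\n' > "$dir/server/release.tar.gz"
    (cd "$dir/server" && sha256sum release.tar.gz > release.tar.gz.sha256)
}

# Integrity only: compares the archive against a file from the same server.
check_checksum() {
    (cd "$1/server" && sha256sum -c release.tar.gz.sha256 >/dev/null 2>&1)
}

# Authenticity: verifies against a public key obtained out of band.
check_signature() {
    openssl dgst -sha256 -verify "$1/offline/signing.pub" \
        -signature "$1/server/release.tar.gz.sig" \
        "$1/server/release.tar.gz" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d)
    make_release "$d"
    check_checksum "$d" && check_signature "$d" && echo "clean: both checks pass"
    tamper_on_server "$d"
    check_checksum "$d" && echo "tampered: checksum still passes"
    check_signature "$d" || echo "tampered: signature check fails"
    rm -rf "$d"
}
demo
```

The signature check only adds assurance when the public key is fetched through a channel other than the download server itself.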
