On 31/10/2016 19:00, rich...@quicksilvercollectibles.com wrote:
I cannot say I know for a fact these binaries came from the
original source code or aren't otherwise tampered with. The original
OpenSSL files you downloaded were signed. Then you don't sign. Then I do
sign. You're sort of a broken link in the security chain.

You can only be sure the binaries are fine, and the result of the original source code, if you build them yourself and the system where you build them is clean. Providing the hash files for the ICS downloads is not a complicated thing, but will only grant you the download wasn't tampered, by a MiM attack (having HTTPS access on overbyte.be would reduce this possibility), while downloading.

To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to