PGP .exe file signatures
Jamestk
davidjamestk at hotmail.co.uk
Sat Dec 26 11:25:11 EST 2015
John Ralls-2 wrote
>> On Dec 26, 2015, at 6:49 AM, Jamestk <
> davidjamestk at .co
> > wrote:
>>
>> Hello folks,
>>
>> In the process of upgrading all of my software and wanted to check .exe
>> files before installation.
>>
>> Some sites offer a pgp signature which is used to sign and verify the
>> executable, is this something that GNU cash lists or is it not really
>> needed?
>>
>> Searched the main web site and source forge although did find sha1 text
>> file
>> but this is only for tar ball.
>>
>> Thanks and Happy New Year to all.
>
> We're not code-signing the Windows package at present. I agree that it
> would be a good idea and worth examining. In the meantime I can add a
> sha256 hash for it in the README. Sourceforge already offers a sha1 on
> each file, but that's generated on the fly and is only useful for
> confirming that you got a clean download; it doesn't assure you that the
> file hasn't been tampered with. Of course, if someone can replace the
> Windows package they can replace the README as well, so I suppose that
> doesn't provide any better assurance.
>
> FWIW the Mac Intel GnuCash.app *is* code-signed with an Apple developer
> certificate.
>
> Regards,
> John Ralls
>
>
> _______________________________________________
> gnucash-user mailing list
> gnucash-user@
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.
Many thanks John, that's very helpful.
--
View this message in context: http://gnucash.1415818.n4.nabble.com/PGP-exe-file-signatures-tp4682062p4682064.html
Sent from the GnuCash - User mailing list archive at Nabble.com.
More information about the gnucash-user
mailing list