[Snort-sigs] Gripe - Snort "other" downloads not signed/hashed

Tony Robinson deusexmachina667 at ...2420...
Thu Aug 23 15:02:38 EDT 2012


Hey there! I'll provide a sha1sum for autosnort today on github. Thanks for
your concern.

Sincerely,

-Tony/da667

On Thu, Aug 23, 2012 at 2:51 PM, Joel Esler <jesler at ...435...> wrote:

> On Aug 23, 2012, at 2:36 PM, Nathan <nathan at ...3397...> wrote:
>
> > Respectfully, please consider (strongly consider) signing the
> downloadable
> > packages via GPG or at a minimum providing hashes
> (MD5/SHA1/SHA256/SHA512?).
> >
> > This ensures that the package hasn't been tampered with and is a standard
> > practice for just about every piece of code/software out there in the
> open
> > source world.  Not having this, especially from a security provider that
> is
> > hosting downloads "in the cloud" causes concern and doesn't allow one to
> > ensure the archive hasn't been tampered with.
> >
> > Didn't see any hashes/signatures on
> > http://www.snort.org/snort-downloads/additional-downloads/ if I am
> overlooking
> > the obvious please forgive me and let me know.  Daemonlogger rocks, I
> just
> > want to make sure it's not been tampered with :)
>
> Most of those links are third party, and should link to the project's
> individual page.  I'll take a look at those that don't do that.
>
> As far as Daemonlogger, we're going to be doing something with that soon.
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!
>



-- 
when does reality end? when does fantasy begin?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20120823/cb6fcda7/attachment.html>


More information about the Snort-sigs mailing list