Snort mailing list archives
Re: Gripe - Snort "other" downloads not signed/hashed
From: Tony Robinson <deusexmachina667 () gmail com>
Date: Thu, 23 Aug 2012 15:02:38 -0400
Hey there! I'll provide a sha1sum for autosnort today on github. Thanks for your concern. Sincerely, -Tony/da667 On Thu, Aug 23, 2012 at 2:51 PM, Joel Esler <jesler () sourcefire com> wrote:
On Aug 23, 2012, at 2:36 PM, Nathan <nathan () packetmail net> wrote:Respectfully, please consider (strongly consider) signing thedownloadablepackages via GPG or at a minimum providing hashes(MD5/SHA1/SHA256/SHA512?).This ensures that the package hasn't been tampered with and is a standard practice for just about every piece of code/software out there in theopensource world. Not having this, especially from a security provider thatishosting downloads "in the cloud" causes concern and doesn't allow one to ensure the archive hasn't been tampered with. Didn't see any hashes/signatures on http://www.snort.org/snort-downloads/additional-downloads/ if I amoverlookingthe obvious please forgive me and let me know. Daemonlogger rocks, Ijustwant to make sure it's not been tampered with :)Most of those links are third party, and should link to the project's individual page. I'll take a look at those that don't do that. As far as Daemonlogger, we're going to be doing something with that soon. -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
-- when does reality end? when does fantasy begin?
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Re: Gripe - Snort "other" downloads not signed/hashed Joel Esler (Aug 23)
- Re: Gripe - Snort "other" downloads not signed/hashed Tony Robinson (Aug 23)