Re: Gripe - Snort "other" downloads not signed/hashed

[Tony Robinson <deusexmachina667 () gmail com>]

Hey there! I'll provide a sha1sum for autosnort today on github. Thanks for
your concern.

Sincerely,

-Tony/da667

On Thu, Aug 23, 2012 at 2:51 PM, Joel Esler <jesler () sourcefire com> wrote:

> On Aug 23, 2012, at 2:36 PM, Nathan <nathan () packetmail net> wrote:
>
> > Respectfully, please consider (strongly consider) signing the
> downloadable
> > packages via GPG or at a minimum providing hashes
> (MD5/SHA1/SHA256/SHA512?).
> > This ensures that the package hasn't been tampered with and is a standard
> > practice for just about every piece of code/software out there in the
> open
> > source world.  Not having this, especially from a security provider that
> is
> > hosting downloads "in the cloud" causes concern and doesn't allow one to
> > ensure the archive hasn't been tampered with.
> >
> > Didn't see any hashes/signatures on
> > http://www.snort.org/snort-downloads/additional-downloads/ if I am
> overlooking
> > the obvious please forgive me and let me know.  Daemonlogger rocks, I
> just
> > want to make sure it's not been tampered with :)
>
> Most of those links are third party, and should link to the project's
> individual page.  I'll take a look at those that don't do that.
>
> As far as Daemonlogger, we're going to be doing something with that soon.
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!



-- 
when does reality end? when does fantasy begin?

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!