[sudo-users] Security via checksum for downloadables

Todd C. Miller Todd.Miller at courtesan.com
Tue Mar 26 02:54:46 MDT 2013

On Tue, 26 Mar 2013 09:35:02 +0100, Sonja Benz wrote:

> I would like to use your sources and binaries. However, how can I be sure, 
> the packages are not changed and secure. Did you ever think about 
> supplying a checksum for it?

There is a SHA256 file in each directory that contains the sha256
checksums of the files.  The sudo source and binary packages are
also signed with my gpg key, as is the SHA256 file.

 - todd

More information about the sudo-users mailing list