[sudo-users] Security via checksum for downloadables
Todd C. Miller
Todd.Miller at courtesan.com
Tue Mar 26 02:54:46 MDT 2013
On Tue, 26 Mar 2013 09:35:02 +0100, Sonja Benz wrote:
> I would like to use your sources and binaries. However, how can I be sure,
> the packages are not changed and secure. Did you ever think about
> supplying a checksum for it?
There is a SHA256 file in each directory that contains the sha256
checksums of the files. The sudo source and binary packages are
also signed with my gpg key, as is the SHA256 file.
More information about the sudo-users