Opened 3 months ago

Closed 3 months ago

#51 closed enhancement (fixed)

Add additional security to stitch

Reported by: Dax Dupont <skyemenjou@…>
Owned by:
Priority: major
Component: Stitch
Keywords: security
Cc:

Description

At this point in time, third-party mirrors can substitute files for malicious ones since there's no signing of files.

A solution would be a hashtable file that's signed by a private key that's verified against a built-in public key or a public key retrieved from the main website.

Change History (1)

comment:1 Changed 3 months ago by tha

Resolution: fixed
Status: new → closed

Hello and thanks for reporting! Stitch 1.15 will now additionally verify that the files in a remote repository, when hashed, will match the official repository's checksum stamp. This should ensure that the files have not been tampered with. Thanks!
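
The check described in the comment above, sketched as an added example (this is not Stitch's own code). It assumes the checksum list is fetched from the official repository over a trusted channel, and the `sha256hex  relative/path` manifest format, file names and contents are constructed for illustration.

```python
import hashlib
import hmac
from pathlib import PurePosixPath

def parse_manifest(text):
    """Parse 'sha256hex  relative/path' lines (assumed format) into {path: digest}."""
    entries = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, path = line.partition("  ")
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"line {n}: malformed SHA-256 digest")
        p = PurePosixPath(path)
        # Refuse entries that could point outside the install directory.
        if not path or p.is_absolute() or ".." in p.parts:
            raise ValueError(f"line {n}: unsafe path {path!r}")
        if path in entries:
            raise ValueError(f"line {n}: duplicate entry {path!r}")
        entries[path] = digest
    return entries

def verify_mirror_files(manifest, mirror_files):
    """Compare files fetched from a mirror ({path: bytes}) with the official manifest.

    Status per path: 'ok', 'mismatch' (content differs), 'unlisted' (mirror
    served a file the official list does not contain), 'missing' (withheld).
    """
    report = {}
    for path, data in mirror_files.items():
        expected = manifest.get(path)
        if expected is None:
            report[path] = "unlisted"
            continue
        actual = hashlib.sha256(data).hexdigest()
        report[path] = "ok" if hmac.compare_digest(actual, expected) else "mismatch"
    for path in manifest:
        report.setdefault(path, "missing")
    return report

def accept(report):
    """Install only if every file is listed, present and matches."""
    return all(status == "ok" for status in report.values())

# Constructed sample data standing in for the official repository's contents.
OFFICIAL = {"pkg/tool.bin": b"official build\n", "pkg/README": b"read me\n"}
MANIFEST_TEXT = "\n".join(
    f"{hashlib.sha256(d).hexdigest()}  {p}" for p, d in OFFICIAL.items())
```

A checksum list only protects mirror downloads if the list itself cannot be replaced by the mirror, which is what the signed hashtable proposed in the description addresses.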
