Important Suggestion: for MDL Projects and Applications [Crypto] *** See Admin + Mods

You need to login to view this posts content.

 

The host accounts where the authors upload releases could become compromised, files swapped, and also many other potential problems. Whereas if we have the signatures ahead of time on file, we can compare and deter these kind of malicious dupes for good. Cryptography is very reliable. Oh and thank you for the Feedback section. I'll post there

 

Since the checksum text is hosted on MDL, we have control over that. Whereas external hosting sides or the author's emails/systems can be compromised. We can make a universal thread "MDL projects hash signatures" to aggregate all checksums on a central place. Then lock the thread and make it read-only with time stamps and editable only by high mods or perhaps only by an admin.

 

While the author's/developer's are active (and who they say they are) we can record all the signatures and whitelist those known and verified hashes. And in the event the author's release thread is taken over and signatures modified and links poisoned, the authors can obviously notify us right away through a new account that their account or by email that they've been compromised so we can shutdown the bad links. But we need to take the snapshot of the applications and their signatures right away so we can have a reference for comparison in the case of an attack or just for security and good practice. Is all about being ready...

 

You need to login to view this posts content.