On 18.04.2014 at 07:55, Pavel Sanda <[email protected]> wrote:

> Jerry wrote:
>> On Apr 16, 2014, at 11:17 PM, Stephan Witt <[email protected]> wrote:
>>> On 14.04.2014 at 19:47, Vincent van Ravesteijn <[email protected]> wrote:
>>> The package for mac is here:
>>>
>>> https://dl.dropboxusercontent.com/u/27842660/LyX-2.1.0%2Bqt4-cocoa.dmg
>>> https://dl.dropboxusercontent.com/u/27842660/LyX-2.1.0%2Bqt4-cocoa.dmg.sig
>>>
>>> Stephan
>>
>> Dumb question no doubt, but what is the purpose of the .sig file? Is this
>> related to codesigning?
>
> Yes. We have a paragraph about this in the download section of our web.
>
> It helps to ensure that the file's contents have not been changed by someone
> other than the one owning the private key. You might know about the cases
> when attackers got into the FTP infrastructure of some projects and added
> backdoors to the released code. This helps until they also successfully hack
> into the computers of the people who do the releases ;)
>
> Pavel

But it's not the key for Apple's Gatekeeper code signing. Mac binaries may come as signed executables with a key compiled in to ensure it's from a known and legitimate Apple developer and that its contents were not modified on the way from the "work bench" to the end user. That's the same idea but the developer has to pay for it.

Stephan
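
Added example, not part of the original thread and not LyX's own tooling: one way to do the check Pavel describes with GnuPG, accepting the download only when the detached `.sig` is valid and was made by one specific, pinned key rather than by any key in the keyring. The function names and the fingerprint are constructed placeholders; the real fingerprint has to come from the project itself, and the release key is assumed to be imported already.

```shell
# Constructed sample of `gpg --status-fd 1 --verify` output (not a real key).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Release Key <release@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2014-04-14 1397497620 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Read gpg status lines on stdin and print the fingerprint of the primary key
# behind the signature. Prints nothing unless gpg reported VALIDSIG.
signer_fpr_from_status() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" {
             # Field 3 is the key (possibly a subkey) that made the signature,
             # field 12 the primary key it belongs to; older gpg omits field 12.
             print (NF >= 12 ? $12 : $3)
             exit
         }'
}

# verify_release FILE SIG EXPECTED_FPR
# Succeeds only if SIG is a valid detached signature over FILE and the
# signing key is exactly EXPECTED_FPR (40 hex digits, upper case, no spaces).
verify_release() {
    local status actual
    # Machine-readable status goes to stdout; the human-readable text is dropped.
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
    actual=$(printf '%s\n' "$status" | signer_fpr_from_status)
    [ -n "$actual" ] && [ "$actual" = "$3" ]
}

# Usage (EXPECTED_FPR is a placeholder for the project's published fingerprint):
#   verify_release LyX-2.1.0+qt4-cocoa.dmg LyX-2.1.0+qt4-cocoa.dmg.sig "$EXPECTED_FPR" \
#       && echo "signature OK" || echo "do NOT install"
```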
