> > No-one else has asked about PGP or signing source or libraries
> > in the last six years of mailing archives.
>
> I can see that this has just never occurred to you before. That's
> not a crime.
Or it would appear to any other ICS users.
> You lecture me regarding security that you have
Hi Angus,
I can see I must have offended you. I'm sorry for that. Honestly, it
wasn't my intention, but sometimes I can be pretty stupid in my human
relations. So often I say the wrong thing; use the wrong words. I'm
better with computers than with people. In real life, my wife helps out.
She's ve
> > One thing that could be done with a new command batch file is to
> > digitally sign the OpenSSL DLLs, which you can already do for
> > your own customers.
>
> You're right. All that's required is a batch file. I PGP sign all
> my source and binaries. It's required.
Required by whom? Your
> the download wasn't tampered, by a MiM attack (having HTTPS
> access on overbyte.be would reduce this possibility)
The latest OpenSSL files are always available from my ICS components
page which is secure:
https://www.magsys.co.uk/delphi/magics.asp
The nightly SVN zip is also on that page si
On 31/10/2016 19:00, rich...@quicksilvercollectibles.com wrote:
I cannot say I know for a fact these binaries came from the
original source code or aren't otherwise tampered with. The original
OpenSSL files you downloaded were signed. Then you don't sign. Then I do
sign. You're sort of a broken l
I first sent this from the wrong email address. My apology.
On Fri, 28 Oct 2016 08:24 +0100 (BST), you wrote:
>
> > When downloading ICS and the OpenSSL binaries you provide, I've
> > never been able to find any sig, sha, or md5 files for checking
> > authenticity.
>
> ICS itself is source code, s
> When downloading ICS and the OpenSSL binaries you provide, I've
> never been able to find any sig, sha, or md5 files for checking
> authenticity.
ICS itself is source code, so in theory is not a security risk.
We don't provide any authentication for our builds of the OpenSSL tools
because n
Hi All,
When downloading ICS and the OpenSSL binaries you provide, I've never
been able to find any sig, sha, or md5 files for checking authenticity.
I probably have overlooked these. Could you help me out with this?
Thanks,
Richard
--
To unsubscribe or change your settings for TWSocket mailing
