First off, thanks for all the hard work you guys put in on uVNC!
Could you guys post a list of sha256 checksums for your downloadable .exes? Most sites with popular downloadable files do that, so folks can verify they're getting an uncorrupted or unmodified binary.
Celebrating the 22th anniversary of the UltraVNC: https://forum.uvnc.com/viewtopic.php?t=38031
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Sha256sums for downloadable binaries
-
Rudi De Vos
- Admin & Developer
- Posts: 6867
- Joined: 2004-04-23 10:21
- Contact:
Re: Sha256sums for downloadable binaries
All our files are signed with a code certificat.
If making software you should never release unsigned files. If the cetrificat is available the file is the original.
If the file has change, the certificat isn't valid or removed.
We often post files and signing is automated while checksums require manual page edit.
The problem seems to me that when you can edit a file on our server, you can also change the checksum on the webpage. Authenticode signing is backend by verisign/digicert and embedded in the exe.
If making software you should never release unsigned files. If the cetrificat is available the file is the original.
If the file has change, the certificat isn't valid or removed.
We often post files and signing is automated while checksums require manual page edit.
The problem seems to me that when you can edit a file on our server, you can also change the checksum on the webpage. Authenticode signing is backend by verisign/digicert and embedded in the exe.