- Timestamp: Oct 19, 2014, 8:59:29 PM (9 years ago)
- Author: datallah
- Comment: Add my new code signing certificate thumbprint
v6 | v7 |
1 | 1 | == What is a signature and why should I check it? == |
2 | 2 | |
3 | | The fact that you're using pidgin means that you have some level of trust in the authors, but It's not beyond the realm of possibility that someone else could make an "evil" patched version of pidgin which would steal your sensitive data without your knowledge. |
| 3 | The fact that you're using pidgin means that you have some level of trust in the authors, but it's not beyond the realm of possibility that someone else could make an "evil" patched version of pidgin which would steal your sensitive data without your knowledge. |
4 | 4 | |
5 | | When you download a file from the internet, unless you take additional steps, you don't have a good way of knowing if the file may have been tampered with. If you were to somehow end up with the "evil" version instead of the official release, how would you know the difference? |
| 5 | When you download a file from the internet, unless you take additional steps, you don't have a good way of knowing if the file has been tampered with. If you were to somehow end up with the "evil" version instead of the official release, how would you know the difference? |
6 | 6 | |
7 | 7 | This is where signatures come in - file signatures are very similar in principle to the idea behind signing both the back of your credit card, and a credit card receipt (pretending that the signature on a credit card receipt isn't trivially easy to forge for the purpose of this example). The signature can be used to verify that the file came from whom it was expected to come. |
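Review bot: New line 3 still writes "pidgin" in lowercase twice ("using pidgin", "version of pidgin") while the Windows Installers section of the same page writes "Pidgin"; since the line is already being edited for the "It's" capitalisation, capitalise the product name here as well so the page is consistent.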
… |
… |
|
33 | 33 | === Windows Installers === |
34 | 34 | As of Pidgin 2.10.7, the various Windows binaries are signed in two ways. |
35 | | * the installers and `pidgin.exe` are signed using the [http://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx Microsoft Authenticode] signing mechanism by Daniel Atallah using a certificate with a thumbprint of `C5476901C3C63FABF54CEBA9E3F887932A9579B5` |
| 35 | * the installers and `pidgin.exe` are signed using the [http://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx Microsoft Authenticode] signing mechanism by Daniel Atallah using a certificate with a thumbprint of one of the following: |
| 36 | * Pidgin 2.10.7 - 2.10.9: `C5476901C3C63FABF54CEBA9E3F887932A9579B5` |
| 37 | * Pidgin 2.10.10+: `45b37f151a113d5070036421370813b9fba5cb13` |
36 | 38 | * all distributed packages (installers, debug symbols, binary zip file, gtk bundle zip file) are signed with [http://www.gnupg.org/ GPG] by Daniel Atallah (`DE890574`). |
37 | 39 | |
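Review bot: The two thumbprints on new lines 36 and 37 are written in different case (the 2.10.7 - 2.10.9 value in uppercase hex, the 2.10.10+ value in lowercase), which invites a false mismatch when a reader compares them by eye or with a case-sensitive string comparison against what Windows displays; use one case for both. New line 35 would also benefit from naming the digest (both values are 40 hex digits, which is the length of a SHA-1 thumbprint) and saying that the comparison is case-insensitive. Not introduced by this change, but visible in the context on new line 38: `DE890574` is an 8-hex-digit short key ID, and short IDs are easy to collide, so listing the full GPG key fingerprint would give readers something safer to compare against.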