I don't really get it, how can I possibly protect others when the binaries I serve can potentially be malicious and I can potentially have malicious intentions ?
Should I post checksums ? Doesn't work :
- if I have malicious intentions the checksums will match the malicious binaries.
- if the binaries get changed without me knowing it means that the server got compromised, the checksums shouldn't then be trusted either
- if I post a link to SF, that won't help since some users won't be able to access it and it also could be compromised
Let's face it, if you're truly paranoid, you read the source and then you compile it. Oh wait, you'd need to compile gcc too
If you have better ideas than the couple I exposed I'm open. But I'd rather give no checksums than a false sense of security.
Should I post checksums ? Doesn't work :
- if I have malicious intentions the checksums will match the malicious binaries.
- if the binaries get changed without me knowing it means that the server got compromised, the checksums shouldn't then be trusted either
- if I post a link to SF, that won't help since some users won't be able to access it and it also could be compromised
Let's face it, if you're truly paranoid, you read the source and then you compile it. Oh wait, you'd need to compile gcc too
If you have better ideas than the couple I exposed I'm open. But I'd rather give no checksums than a false sense of security.
Actually I do compile gcc, but not for security reasons, lol.
And you are right about it being better to provide no checkfiles then provide a false sense of security.
What you could do is also mirror http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.3.24/SHA1SUMS.asc/download and provide a link to http://bitcoin.org/jgarzik-exmulti.asc which an earlier post said is the right signature to verify. Now you have not only provided a way to check your mirrored files, but that no one has changed the sf ones since you mirrored them.