moolticute
moolticute copied to clipboard
mooltipass
Checksums (SHA256/512) and GPG signatures for Moolticute binaries
8<------------------------ FEATURE REQUEST ------------------------------------
Missing feature
Checksums (SHA256/512) and GPG signatures for Moolticute binaries.
Justification
Given the critical part the Moolticute app plays in managing the Mooltipass devices, it seems important that users should be able to authenticate and verify the binaries they download before installing and using them.
Workarounds
Are there any workarounds you currently have in place because the feature is missing? None.
8<------------------------ END FEATURE REQUEST --------------------------------
Unless I'm mistaken, on windows & macOS this is "done" using our certificates.
I referred to Apple's Platform Security Guide, and it confirms what you said. I can't speak to the Windows implementation.
It would be chiefly of benefit to Linux users, from the looks of things.
Mathieu:
Unless I'm mistaken, on windows & macOS this is "done" using our certificates.
— Reply to this email directly, view it on GitHub https://github.com/mooltipass/moolticute/issues/998#issuecomment-1060937435, or unsubscribe https://github.com/notifications/unsubscribe-auth/AD7JZOD7D6GBZHEH44343XDU6Y33TANCNFSM5QD53HKA. Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you authored the thread.Message ID: @.***>
Knowing the SHA values and validating the signature is just another way to allow users to check on security.
