Release Image Signatures

Started by baffo32, January 05, 2023, 04:59:00 PM

Previous topic - Next topic


Hi, I suspect this applies to other boards, too.

I was surprised to discover there were no signed hashes available alongside the system image releases.

It would be of benefit to users, and is crucial in a security context, to provide PGP-signed hashes of release images.

This is both because there have frequently been TLS infrastructure breaches, and also because it is labor-intensive and requires network access to verify an image that is only authenticated via TLS.


There is md5 inside the archive with the image.
Technical support and documentation manager at Olimex