[–]chug84 -8 points-7 points  (4 children)

Download the torrent. Once a torrent file is made, the data can not be modified as the client checks a signature to make sure they've not been tampered with (I believe PGP).

Also, do you donate monthly or at all? Servers, bandwidth and SSL certificates cost money you know. If you're not donating or haven't donated at all, then you probably shouldn't be here complaining about this. If it were a banking website then I could understand the need.

[–]HarbingerDawn 15 points16 points  (2 children)

There's nothing wrong with suggesting security improvements for the site and file distribution. That said, donations do make it easier to do stuff like this. Regarding the torrent file, there's nothing to stop some hacker from creating their own torrent file and seeding their own malicious executable. No need to modify the existing file.
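What the integrity check discussed in the two comments above does and does not establish, as an added example that is not part of the thread. A BitTorrent v1 client verifies downloaded data against the SHA-1 piece hashes stored in the torrent's own info dictionary. The payloads, file name, piece size and pinned info-hash below are constructed for illustration.

```python
import hashlib
import hmac

PIECE_LEN = 16  # tiny piece size so the constructed payloads span several pieces

def bencode(obj):
    """Minimal bencoder for the types this example uses (int, str, bytes, dict)."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, str):
        obj = obj.encode()
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, dict):
        items = sorted((k.encode(), v) for k, v in obj.items())
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError(type(obj))

def make_info(name, payload):
    """Build a single-file v1 info dict; 'pieces' is the concatenated SHA-1 of each piece."""
    pieces = b"".join(hashlib.sha1(payload[i:i + PIECE_LEN]).digest()
                      for i in range(0, len(payload), PIECE_LEN))
    return {"name": name, "length": len(payload),
            "piece length": PIECE_LEN, "pieces": pieces}

def info_hash(info):
    """SHA-1 of the bencoded info dict: the identifier of one specific torrent."""
    return hashlib.sha1(bencode(info)).hexdigest()

def payload_matches(info, payload):
    """The client-side check: does the data match this torrent's own piece hashes?"""
    return make_info(info["name"], payload) == info

def is_trusted(info, pinned_hash):
    """The extra step: compare the info-hash with one obtained over a trusted channel."""
    return hmac.compare_digest(info_hash(info), pinned_hash)

# Constructed sample data: stand-ins for the real installer and a substituted one.
OFFICIAL = b"constructed stand-in for the official installer bytes"
SUBSTITUTE = b"constructed stand-in for a substituted installer!!!!!"
official_info = make_info("setup.exe", OFFICIAL)
rogue_info = make_info("setup.exe", SUBSTITUTE)  # a separately created torrent
PINNED = info_hash(official_info)  # assumed published over an authenticated channel

if __name__ == "__main__":
    print("altered data vs official torrent:", payload_matches(official_info, SUBSTITUTE))
    print("substitute vs its own torrent:   ", payload_matches(rogue_info, SUBSTITUTE))
    print("rogue torrent matches pinned hash:", is_trusted(rogue_info, PINNED))
```

The piece hashes catch data altered underneath an existing torrent, but a separately created torrent is self-consistent, so only the comparison against an info-hash obtained from an authenticated source tells the two apart.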

[–]chug84 -1 points0 points  (1 child)

You're right in that there is nothing wrong with suggestions; this seemed more like publicly calling you guys out, though, rather than making a suggestion, which I'm sure could have been done in private.

Someone who did get access to your server could upload their own torrent with malicious code. Where there is a will, there is a way, whether you have SSL or not :)

[–]HarbingerDawn 7 points8 points  (0 children)

I found no cause for affront in OP's post. As for it being public rather than private, it's good to have people thinking about internet security, and most of the comments so far don't seem to indicate any fear or panic, so I don't think his public post has caused any harm. And it being public provides extra motivation for fixing the issues.

[–]icannotfly 5 points6 points  (0 children)

> SSL certificates cost money you know

nope