You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Distributed file hosting has many benefits (see #2), but it also has a downside: every mirror can tamper with files.
To maintain integrity (and make it easier for users to trust the mirrors), we should provide for the ability to sign a mod after it is uploaded, and before it is distributed. This way, users and CKAN can verify that the package has not been tempered with, and contains what the package claims it contains, instead of, say, a Mono exploit that'll work with the Unity engine.
"Trust, but verify" is a very good motto.
The text was updated successfully, but these errors were encountered:
Distributed file hosting has many benefits (see #2), but it also has a downside: every mirror can tamper with files.
To maintain integrity (and make it easier for users to trust the mirrors), we should provide for the ability to sign a mod after it is uploaded, and before it is distributed. This way, users and CKAN can verify that the package has not been tempered with, and contains what the package claims it contains, instead of, say, a Mono exploit that'll work with the Unity engine.
"Trust, but verify" is a very good motto.
The text was updated successfully, but these errors were encountered: