On 11/19/2015 06:15 PM, Uwe Stöhr wrote:
> On 19.11.2015 at 01:12, Scott Kostyshak wrote:
>
>> The benefit of signing files is so that whoever downloads the file can
>> be confident that it is the same file that you uploaded. Downloads and
>> uploads are not often corrupted as they were before, but a file is made
>> up of many 0's and 1's which are sent through wires.
>
> Thanks for the explanation. I understand that a download can go wrong
> but it is not clear to me what would happen that could harm anybody.
> If a download is broken you will most probably not be able to install
> LyX with this installer and we will quickly get complaints from users.
> What else could happen?

The worry is not that the download goes wrong, but that someone manages somehow to put a virus into your installer. This could happen in a number of different ways, for example, via a man-in-the-middle attack. Or someone could hack into your SourceForge account and replace the file. It's happened. If you send Scott an MD5 sum (and me, actually), then we can be confident that the file has not been altered. So our signature means something.

Richard