Slashdot Mirror


Check Who Signed Off On Your Software

An anonymous reader submits "The Software Sig Page encourages software maintainers to publish verifiable signatures for released software and to build the web of trust among software maintainers and software users. If you're afraid of downloading a trojaned OpenSSH, being 0wned while capturing packets, compiling an MTA as well as a backdoor on your system, not being able to trust tools you use every day, or never having a chance from the moment your OS boots, then you want some level of assurance that the software you use is everything the maintainers expected you to have and no more. Look and check the MD5 and PGP signatures that come with software you download."


  1. Good for a small market by Mork29 · Score: 4, Insightful

    Let's face it, the average user doesn't know what an MD5 checksum or PGP even are. It's a sad thing, because most security tools are easy to use, and would make the internet a safer place, but the fact of the matter is that you still have people opening up e-mail viruses that are an attachment with a notepad icon. Although if you know how you should, we need to find a safe delivery system that's a bit easier for the average Joe, who seems to enjoy living on the edge, downloading lots of shareware, and clicking on every e-mail attachment they get.