Check Who Signed Off On Your Software

An anonymous reader submits "The Software Sig Page encourages software maintainers to publish verifiable signatures for released software and to build the web of trust among software maintainers and software users. If you're afraid of downloading a trojaned OpenSSH, being 0wned while capturing packets, compiling an MTA as well as a backdoor on your system, not being able to trust tools you use every day, or never having a chance from the moment your OS boots, then you want some level of assurance that the software you use is everything the mainatainers expected you to have and no more. Look and check the MD5 and PGP signatures that come with software you download."