I am pleased to report secure notarization of Spout Github release files by CodeNotary.
The release file is scanned, checked for authenticity and the result embedded in a secure blockchain database, where it can never be changed or deleted even by the uploader.
All you do as a downloader is submit the file to authorise it at this web-page. It might take a little while to start working but be patient. Then you will get a friendly thumbs up if it’s found as a trusted source. You can also see details of signing date etc.
What this means is that you can trust that what you have downloaded matches exactly what was submitted for authorization in the first place. It’s much more secure than a web-page hash file comparison where even that can be hacked to match a tampered download file.
You may ask “why not just use a signing certificate”. Because it costs a lot, Spout is not a commercial product and it’s not going to happen.
CodeNotary is an Open Source endeavour. Check out their blog and repositories.
congrats !