Code signing procedures

Message boards : Cafe Rosetta : Code signing procedures

To post messages, you must log in.

AuthorMessage
brunni

Send message
Joined: 3 Mar 20
Posts: 2
Credit: 0
RAC: 0
Message 91854 - Posted: 3 Mar 2020, 23:33:36 UTC

From https://boinc.berkeley.edu/wiki/BOINC_Security

So, if you're concerned about security (and you should be!) don't attach to a project unless it can convince you that it follows the code-signing procedure correctly. Ask project administrators to describe how they do code signing.


So here I am, asking about your code signing procedures.
ID: 91854 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Mod.Sense
Volunteer moderator

Send message
Joined: 22 Aug 06
Posts: 4018
Credit: 0
RAC: 0
Message 91884 - Posted: 6 Mar 2020, 16:00:36 UTC

The project does use code signatures. The BOINC Manager then verifies each download against the signature to assure nothing has been modified or corrupted during the file transfer. But I'll check with David Kim and see if there is something more specific he can provide.
Rosetta Moderator: Mod.Sense
ID: 91884 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Admin
Project administrator

Send message
Joined: 1 Jul 05
Posts: 4805
Credit: 0
RAC: 0
Message 91885 - Posted: 6 Mar 2020, 17:30:11 UTC

We do follow the guidelines.
ID: 91885 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
brunni

Send message
Joined: 3 Mar 20
Posts: 2
Credit: 0
RAC: 0
Message 91888 - Posted: 7 Mar 2020, 9:07:45 UTC - in response to Message 91885.  

We do follow the guidelines.


So the code-signing keys are not on a network-connected computer?
ID: 91888 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote

Message boards : Cafe Rosetta : Code signing procedures



©2024 University of Washington
https://www.bakerlab.org