security

PGP signatures for BleachBit downloads?

Hey,
Is there any possibility of getting detached signature files from Andrew for the downloads?
I don't mean signature files for checksums (though they're useful), but checksums don't detect if files on a server have been tampered with. Since hackers have managed to replace files w/ maliciously altered versions on lots more than one or two major organizations, I'd appreciate detached .asc files, signed with Andrew's public key.

Improve BleachBit.org Security

Hi,

Please upgrade the security a bit more.

Should use Upgrade Insecure Requests @ https://www.w3.org/TR/upgrade-insecure-requests/

Should enable HPKP (HTTP Public Key Pinning) @ https://report-uri.io/home/pkp_hash

Should use CSP (Content Security Policy) @ https://report-uri.io/home/generate

And other security headers @ https://bitcoinsecurityproject.org/WebApplicationSecurityPractices/Secur...

Thanks,

Will

How secure is BleachBit?

VirusTotal found 4 risks: http://www.virustotal.com/file-scan/report.html?id=7f41dd5ac4cac4a210776...

Security concerns for updates...

Very fine software.

I have an important security concern I'm hoping you can help solve.

Question 1:
How can I be sure the .xml updates are legitimate and from you,
what checks are in place? Is there a method to verify the updates via hash or key or otherwise?

Question 2:
Can I accept 'all' updates at once without having to click OK to each one?

Thank you much.
Justin
