…of a file’s SHA256 fingerprint? If I have my terminology correct here…

  • Matt@netmonkey.tech
    link
    fedilink
    English
    arrow-up
    4
    ·
    2 years ago

    Depends on the context, I think. For me, I rarely do it for personal stuff. If I wanted to be perfect, I could do it, assuming a signature is available to verify, but I’m lazy. I would venture to say most folks don’t do it either.

    With that being said, where I have been consistent about doing it has been writing config management code at work. If I need to have it download an installer from an untrusted source, I can verify that I’m installing the same package on all servers by verifying the signature before installation. This doesn’t always work well in all circumstances, though.

    • state_electrician@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 years ago

      That’s interesting and it’s the same for me. But I just started wondering why we apply higher standards at work, when the effects for our personal stuff really affect us as individuals.

      • Matt@netmonkey.tech
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 years ago

        Yes, I agree with you. I’m certainly willing to take more risks with my personal systems than my work systems. Plus, I don’t use any configuration management here at home, so everything I have is setup by hand and unique.