search for: sig_verifi

On Wed, 23 Apr 2025, Wiktor Kwapisiewicz via openssh-unix-dev wrote: > Hello, > > I'm currently evaluating using `ssh-keygen -Y verify` to check OS artifacts > (e.g. packages) and I noticed that the `-f allowed_signers_file` option can be > passed only once. A side remark: technically it can be passed multiple times > without a warning but the last invocation overrides all

Hello, I'm currently evaluating using `ssh-keygen -Y verify` to check OS artifacts (e.g. packages) and I noticed that the `-f allowed_signers_file` option can be passed only once. A side remark: technically it can be passed multiple times without a warning but the last invocation overrides all previous ones. Tested using: $ ssh-keygen -Y verify -f allowed_signers -f /dev/null -n file -s

Dear list, I'm using R in a corporate environment and was interested how R checks integrity of packages during an installation. I saw (and verified my suspicion in the code[1]) that the verification purely relies on MD5. >From an IT security perspective, this can be improved. My question is: Is is possible to force R to verify integrity via SHA256 or even OpenPGP signatures? If not are

On Thu, Oct 15, 2015 at 9:11 AM, Philip Gilli?en <guerda at freenet.de> wrote: > I'm using R in a corporate environment... That's irrelevant. > is possible to force R to verify integrity via SHA256 or even OpenPGP signatures? If not are there any plans to support better hashes than MD5? As the source code looks, an extension to support other (optional) hash values would be