I take security very seriously on this site. Ontropy.org is a secure site and should never be visited over plain HTTP without SSL.

Downloads from Ontropy.org are links to my GitHub account; the checksums for the downloads are hosted here, meaning that should my GitHub account be compromised, the checksums here should no longer match the files you get from my GitHub. Should the Ontropy.org server become compromised, the attacker could alter the download links and also alter the checksums to match. In this case you should check that the links really point to my GitHub and not somewhere else, and as an extra measure you can check the Ontropy.org source code on GitHub to see that the checksums there are the same as the ones on the live version of the site. Since the live site is updated by cloning this repo, the two should always be identical.

You may be wondering: if my GitHub is compromised, couldn't the attacker change the downloads, then change the checksums in the Ontropy.org source, and then wait for the live site to clone that and be altered? This is not an issue, as I perform the clone manually over SSH after pushing a change to the site; it is scripted but is not a cron job. If the attacker has changed my login, I would get an authentication error when pushing the update; if they haven't, I would get a notification that the remote repo is ahead of my local copy and I would know that something is up.
Checksums

Checksums for some projects are not yet available; eventually all projects will have checksums listed here.
To verify the checksums on GNU/Linux, navigate to the folder containing the downloaded file, download the appropriate checksum file from the list above, place it in the same folder and run the first command on the right. You can read the sha512sum manual here or by running the second command on the right in a terminal.
Example of a Successful Checksum Verification

Example of the Output from sha512sum when the Checksum Doesn't Match
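The verification step and the cross-check against the site's source repository described above can be combined into one script. This is an added example, not the commands shown on the original page. The function name `verify_download`, its return codes, and the file names `project.tar.gz`, `live.sha512` and `repo.sha512` are assumptions, and the demo files are constructed.

```shell
#!/bin/sh
# verify_download DIR LIVE_SUMS REPO_SUMS
# Return codes (this example's own convention):
#   0 = download matches its checksum
#   1 = download does not match its checksum
#   2 = live-site and repository copies of the checksum file differ
verify_download() {
    dir=$1 live=$2 repo=$3
    # Cross-check first: the checksum file served by the live site must be
    # byte-identical to the copy in the site's source repository.
    cmp -s "$live" "$repo" || return 2
    # sha512sum -c re-hashes every file named in the checksum list; names
    # resolve against the current directory, so run it from the download folder.
    ( cd "$dir" && sha512sum -c --status ) < "$live" || return 1
}

# Constructed demo: builds a throwaway download and checksum files in a
# temporary directory and prints the return code for three situations.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/dl"
    printf 'constructed release archive\n' > "$tmp/dl/project.tar.gz"
    ( cd "$tmp/dl" && sha512sum project.tar.gz ) > "$tmp/live.sha512"
    cp "$tmp/live.sha512" "$tmp/repo.sha512"

    # Case 1: untouched download, both checksum copies agree.
    rc=0; verify_download "$tmp/dl" "$tmp/live.sha512" "$tmp/repo.sha512" || rc=$?
    echo "intact=$rc"

    # Case 2: the download is altered after the checksum was published.
    printf 'altered\n' >> "$tmp/dl/project.tar.gz"
    rc=0; verify_download "$tmp/dl" "$tmp/live.sha512" "$tmp/repo.sha512" || rc=$?
    echo "altered_file=$rc"

    # Case 3: the live checksum is regenerated to match the altered file,
    # but the repository copy still holds the original value.
    ( cd "$tmp/dl" && sha512sum project.tar.gz ) > "$tmp/live.sha512"
    rc=0; verify_download "$tmp/dl" "$tmp/live.sha512" "$tmp/repo.sha512" || rc=$?
    echo "altered_site=$rc"

    rm -rf "$tmp"
}

demo
```

Without `--status`, `sha512sum -c` prints one `OK` or `FAILED` line per file, which is the output the two captions above refer to.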