06-16-2015, 07:08 AM
(06-16-2015, 07:02 AM)JustM3 Wrote:(06-16-2015, 06:53 AM)Oberon51 Wrote:Now now, we need to make sure that the user posting is actually trusted, and not a hacked account. Perhaps we need multiple accounts, until someone can vouch that those aren't all the same user.(06-16-2015, 06:33 AM)JustM3 Wrote:(06-16-2015, 06:32 AM)Phyxie~ Wrote:Not everybody knows how to though, and they can be easily changed by editing the post itself.(06-16-2015, 02:14 AM)JustM3 Wrote: Okay, lets add a source to all of my programs. Oh wait, they are already open-sourced ;D
Also, users could change the link to the exe so that it points to a malicious file. Maybe you could try to prevent that in some way.
Could make users include hashsums for your binaries when posting, if people are too lazy to check the hashes then they can blame themselves.
A trusted member could post the hash in the first reply to the thread after it's confirmed that the exe is safe or this trusted member just compils it himself and posts it in the first post.
Or you add a part to the thread that cannot be edited unless you are admin or something.
You could also make an announcement about how to check the hash of a file. It shouldn't be that hard.
Personally I think that it's fine if anyone can just compile it himself though. It's just way less trouble.
Though I am probably being a little paranoid, right?
I think you are definitely right. I don't really know much about forum software so I don't know if this is a good idea but you could let a trusted user sign his message with a pgp key and the server verifies the message and marks it as 'trusted' in the browsers of visitors. Unless a hacker has access to a trusted users computer and also knows his private key's password it would not be possible to fake being a trusted member.
As I said I don't really know if this would work but it doesn't sound bad to me. :^)