17 Dec
2003
17 Dec
'03
6:17 p.m.
Fellow cpunks: I am working on various software packages for UNIX and Windows and since this is commercial work and prior NDA's are involved, I can't include the source code for absolute validation. What would assure one that a package has not been tampered with from the company to the user? (Currently, I am using PKZIP's rather anemic AV protection, as well as signing the archive with my PGP key. I am wondering if there are any other steps I need to take to assure that a package came from me, and wasn't damaged/altered/tampered with in transit.) Thanks in advance.