Sorry, I posted before I even finished writing the title. It should have said "Fractal's SSL cert" and refers to the following post:
https://forum.fractalaudio.com/threads/os-x-expired-certificate-not-a-problem.131726/
The post says that the expired cert isn't a problem but it actually is. The cert is there to verify that the package came from who it says it came from. In this day and age, it is important to protect your company and yourself and this bit helps. Even if you *think* you downloaded it directly from Fractal's site, it could in fact be malicious.
To improve security, Fractal should really store checksums of their product and post those as well so that the security-minded folks can verify that the download is in fact correct. The checksum info should be served from a separate location from the download to guard against the possibility that someone hacked both the binary and the checksum.
Then at least, if your cert expired, users can at least have the assurance that the download is "safe".
Expired certs are always a problem. Yes, the workaround is to accept it and move forward, but it's not "ok". Stating so encourages a lack of diligence in circumventing the checks that help ward against viruses, spyware, etc.
Fractal, I love you guys. Don't get me wrong.