Cura Lulzbot Edition - No Signed Security Certificate??

Bphillipsz
Posts: 3
Joined: Thu Dec 06, 2018 2:54 pm

Cura Lulzbot Edition - No Signed Security Certificate??

Post by Bphillipsz » Thu Dec 06, 2018 3:17 pm

Why is there no signed security certificate for the Lulzbot Edition of Cura?

For security reasons, our company requires that software installed on our systems includes a signed security certificate. This is a necessary requirement, as many bad actors are using sophisticated techniques to breach IT systems.

I am using the standard Cura package now, because it has a signed certificate. When is Lulzbot going to enter the 21st century and provide one?

Bob

Brent.I
Aleph Objects | LulzBot
Posts: 427
Joined: Mon Jan 20, 2014 8:21 am

Re: Cura Lulzbot Edition - No Signed Security Certificate??

Post by Brent.I » Thu Dec 06, 2018 4:46 pm

Instead of depending on one of several third-party companies to sign our packages, we use SHA512 checksums for verification of package integrity. Your IT department can compare the SHA512 checksum for the file against the official checksums here:

Windows: http://download.alephobjects.com/lulzbo ... /SHA512SUM
Mac: http://download.alephobjects.com/lulzbo ... /SHA512SUM
Linux: Your package manager will compare the checksum against any of the values we have available: MD5sum, SHA1, SHA256, and SHA512.


As part of our core ethos, we only use Free Software. We're able to make sure that the global community can contribute back, transparently, by only using software that's Free as in Freedom, not just free as in cost.

Bphillipsz
Posts: 3
Joined: Thu Dec 06, 2018 2:54 pm

Re: Cura Lulzbot Edition - No Signed Security Certificate??

Post by Bphillipsz » Fri Dec 07, 2018 12:04 pm

In that case, why can't you use GnuPG to sign it? Checksums can verify the integrity of a malicious package as easily as a benign one.

I'm confident that your software is not malicious, but IT systems get breached because people develop bad habits that cause costly damage, restricting the freedom of everyone in the global community, including my freedom to use Cura Lulzbot Edition on my brand new Taz 6.

Bob
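
Added example, not part of either post and not LulzBot's code: the checksum comparison described in the reply above, and the point made here that a matching checksum does not show who produced the file. The file name and contents are constructed, and the list layout assumed is the one written by coreutils `sha512sum`.

```python
import hashlib
import hmac
import os
import tempfile

def parse_sha512sum(text):
    """Parse coreutils-style 'HEX  name' / 'HEX *name' lines into {name: hex}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")  # drop the separator and the binary-mode marker
        if len(digest) != 128 or any(c not in "0123456789abcdefABCDEF" for c in digest):
            raise ValueError(f"not a SHA-512 line: {line[:40]!r}")
        entries[name] = digest.lower()
    return entries

def sha512_file(path, chunk=1 << 20):
    """Hash the file in chunks so large installers are not read into memory."""
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(path, checksum_text):
    """True only if the file's name is listed and its SHA-512 matches."""
    expected = parse_sha512sum(checksum_text).get(os.path.basename(path))
    if expected is None:
        return False
    return hmac.compare_digest(expected, sha512_file(path))

def demo():
    """Constructed data: a stand-in installer and two checksum lists."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "installer.exe")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(b"original build")
        published = f"{sha512_file(path)}  installer.exe\n"
        ok_original = verify(path, published)
        with open(path, "wb") as f:
            f.write(b"altered build")
        ok_altered_old_list = verify(path, published)  # mismatch is caught
        # A list regenerated alongside the altered file matches it again.
        replaced = f"{sha512_file(path)} *installer.exe\n"
        ok_altered_new_list = verify(path, replaced)
    return ok_original, ok_altered_old_list, ok_altered_new_list

if __name__ == "__main__":
    print(demo())
```

The third result is why the checksum list itself needs a signature, or must come from a channel separate from the download, before a match says anything about origin.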

Brent.I
Aleph Objects | LulzBot
Posts: 427
Joined: Mon Jan 20, 2014 8:21 am

Re: Cura Lulzbot Edition - No Signed Security Certificate??

Post by Brent.I » Fri Dec 07, 2018 1:49 pm

Bphillipsz wrote (Fri Dec 07, 2018 12:04 pm):
"why can't you use GnuPG to sign it?"

Ahh, thank you for the suggestion. We will get with our software team to see what we can do!

Bphillipsz
Posts: 3
Joined: Thu Dec 06, 2018 2:54 pm

Re: Cura Lulzbot Edition - No Signed Security Certificate??

Post by Bphillipsz » Fri Dec 07, 2018 2:40 pm

I'd appreciate whatever you can do.

Thanks,

Bob
