Security notes

I provide MD5, SH256 and most times SHA1 checksums and GPG signatures for the archives/files that are available on this pages for download so you can check the integrity of those files (and can be sure they are really from me :-).

Please note that all of my programs may be infested with bugs and probably have many security holes! I can not give any warranties and you are using the programs at your own risk!

GPG signatures

The signatures are provided in ASCII armoured format. You can use GnuPG for verification. Other versions of GPG or PGP should also work fine (though I haven't tested it). Note that you will also need my GPG public key.

A warning on the use of GPG under OS/2: According to Werner Koch - who, as the main author of GPG, surely knows what he is saying - GPG for OS/2 is not secure because of the lack of good entropy sources under OS/2. So you should not use GPG for signing or encryption here.

On the other hand there once was a REXX entropy daemon available (2025-04-15: Sorry, no idea where this possibly might still be downloaded today...), maybe this can solve the problem? Unfortunatly I'm no expert in this matters and can't give you any definitive advice.

The signatures of all files on this website have been created with GPG for GNU/Linux. As far as I understand the whole thing (but don't count on this ;-) verifying signatures should not be affected by above problem anyway so you can use GPG for OS/2 for checking the sigs.