I am a
​​
windows-mac​ user.
Downloaded Jitsi right now.

How do I verify my download?
Haven"t found any checksums or *GPG signatures* on the download page (which
is the best because the attacker could change the checksums as well).

Do I miss something?

Alexander

I am a
​​
windows-mac​ user.
Downloaded Jitsi right now.

How do I verify my download?

On Windows: right-click the binary, open the properties, go to the tab "Digital Signatures". You'll find it signed by BlueJimp.
On Mac: The bundle is signed as well. If your Gatekeeper is set to "Mac AppStore and verified developers" then it wouldn't launch with an invalid signature. Alternatively launch a terminal and type codesign -dv /Applications/Jitsi.app

Haven"t found any checksums or GPG signatures on the download page (which is
the best because the attacker could change the checksums as well).

Do I miss something?

Alexander

Ingo

On Windows: right-click the binary, open the properties, go to the tab

"Digital Signatures". You'll find it signed by BlueJimp.

That simple, Ingo?
Thank you very much.

I saw the signature, but had no idea that "BlueJimp" is from the original
Jitsi dev.

I think it could be very useful to publish it on the download page of Jitsi.
Its not "skype" after all, you know. So verifying concerns a lot of users.