How do we validate Package Feed Module setup files are safe?

How do we validate Package Feed Module setup files are safe?

We use a checksum to ensure the download is not modified in transit. We then scan them for viruses. If a setup triggers a virus alert, we will not accept the update and host the file but will instead communicate with the vendor to resolve the issue. Because we are not wrapping or modifying vendor setups, any security signature applied by the vendor remains intact and can be leveraged to confirm it has not been tampered with.

Was this article helpful? Yes No
No ratings
Version history
Revision #:
3 of 3
Last update:
‎Jun 03, 2020 01:39 PM
Updated by:
 
Contributors