Hi,
I am looking for the signature file to verify the deb file Download for Bitwarden Desktop. Can anyone point me to it? I have tried to find it but can’t anywhere.
Thanks
You seem to be the only security minded user here. It seems super wired that Bitwarden does not release signed binaries. Dear Bitwarden developers, why is this not already part of your security best practices?
I’m not that familiar with signed binaries. What is the risk of using an unsigned binary if I download the file directly from the Bitwarden website?
That someone will deliver you a malicious binary and gain access to all your data. If developers signed locally on their devices before publishing (as any sane developer who cares even a little bit about security does), there would be no need to trust the infrastructure (download sources, website, etc.) itself.