JFrog Logo
  • Products
  • Platform
  • Resources
  • Services
  • Pricing
  • Company
    • About
    • Partners
    • Blog
    • Careers
    • Customers
    • Leadership
    • Events
    • Press
    • Contact Us
  • Community
  • Products
    • Artifactory
    • Bintray
    • XRay
    • Mission Control
  • Platform
    • Overview
    • Free Trial
    • Pricing
  • Resources
    • Resource Center
    • User Guides
    • Integration
    • Legal and Privacy
    • Customer Zone
    • Knowledge base
    • Upcoming Webinars
    • Community Forum
  • Services
    • Support
    • Ticket Portal
    • Consulting
  • Pricing
    • Artifactory
    • Bintray
    • Xray
    • Mission Control
    • Enterprise+
  • Company
    • About
    • Partners
    • Blog
    • Careers
    • Customers
    • Leadership
    • Events
    • Press
  • Community
  • Contact Us
Support

Get Support

24/7 R&D Level Support

See More

Ticket Portal

Existing customers?
Get direct help from our team

Log In
Professional
Services

Consulting

Leaping to Enterprise DevOps

See More
Products
Xray Logo
Platform
NEW!
Products
Xray Logo
Platform
NEW!
Resources

リソースセンター

ウェビナ、技術記事、ホワイトペーパ、解説動画、ユースケース、など

詳細を見る

ユーザガイド

JFrog製品テクニカルドキュメント

詳細を見る

インテグレーション

JFrogと連携可能な
テクノロジーについて

詳細を見る

Legal and Privacy

ライセンスとコンプライアンスについての情報

詳細を見る
Support

サポートを受ける

24時間対応開発者向けサポート

確認する

チケットポータル

既にご利用いただいる方へ
ダイレクトにサポートを提供します。

Log In

カスタマーゾーン

JFrogプロダクトについての疑問や課題などを
解決するための情報リソース

確認する

ナレッジベース

セルフサービスポータル

確認する

ウェビナ

JFrogトップエンジニアによる技術解説

確認する

コミュニティ

コミュニティで質問する

確認する
Resources

Resource Center

Webinars, articles, white papers, screencasts, use cases, and more

See More

User Guides

Technical documentation
about JFrog products

See More

Integrations

All of the technologies
that integrate with JFrog

Read Now

Legal and Privacy

Information about our licensing terms and compliance

See More

Knowledge Base

Comprehensive
self-service portal

See More

Upcoming Webinars

Join our leading tech experts
to enrich your knowledge

See More

Community Forum

Ask the community

See More

Customer Zone

All the resources you need to manage
and troubleshoot your JFrog products

See More

JFrog Artifactory

Enterprise Universal
Artifact Manager

詳しく見る

JFrog Bintray

Universal Distribution Platform

詳しく見る
Xray Logo

JFrog Xray

Continuous Security and Universal Artifact Analysis

詳しく見る

JFrog Mission Control

Centralized Global
Artifact Management

詳しく見る

JFrog Artifactory

Enterprise Universal
Artifact Manager

Learn More

JFrog Bintray

Universal Distribution Platform

Learn More
Xray Logo

JFrog Xray

Continuous Security and Universal Artifact Analysis

Learn More

JFrog Mission Control

Centralized Global
Artifact Management

Learn More

Feeling secure with Bintray downloads

By Baruch Sadogursky

| May 14, 2015

SHARE:

Remember our take on .asc files? The thing is, digital certificates alone cannot guarantee the identity of someone. To fully trust someone there needs to exist a reliable Web of Trust (WoT) that leaves little to no doubt that the signer is who he claims to be.

So what’s the solution then? Use Bintray as a decentralized source of trust to validate the author’s public web identity in order to verify that he is who you think he is. Once this identity can be recognized, it can be used to decide whether the packages the user has signed, and which you are about to download deserve your trust or not.

But what is a “web identity” and how can you trust it? If we are talking about developers, it will probably be their Twitter account, GitHub account (and, maybe others like Google+, Bitbucket, etc.). And how you can be sure that the author is not listing a fake profile? By using OAuth.

You can authorize your Bintray profile with Twitter, GitHub and Google+ and provide your users with the confidence that the files they download come from who you claim to be:

Authorize social accounts in Bintray profile

Once your profile is authorized (the authorized profiles are clearly marked on your Bintray author page with checkboxes, as in the screenshot below), the users of your repositories and packages can validate your identity by peeking at your page in the social networks themselves.

Social Accounts Verified in Bintray

We, at JFrog, believe that information is power, and the more info you have about the libraries and their authors, the better decisions you’ll make about whether to trust them or not!

Tags: user profile web of trust security

SHARE:

Featured Posts

Your Enterprise Grade Helm Chart Repository with JFrog Artifactory!

Your HA Installation and Upgrade Process Just Got Easier!

A Journey Into Modern DevOps and Continuous Integration in C and C++ Projects

Popular Tags

artifactory best practices bintray build continuous delivery continuous integration Devops docker docker registry Fred Simon github gradle jcenter Jfrog Maven maven central Mission Control nuget security xray

Products

  • Artifactory
  • Bintray
  • Xray
  • Mission Control
  • JFrog Platform
  • Pricing
  • Open Source
  • JFrog CLI

Resources

  • Resource Center
  • User Guide
  • Integration
  • Webinars
  • Legal and Privacy

Support

  • Get Support
  • Knowledge Base
  • Ticket Portal
  • Community Forum
  • Customer Zone

Company

  • About
  • Leadership
  • Partners
  • Press
  • Events
  • Blog
  • Careers
  • Contact Us
  • Brand Guidelines
© 2019 JFrog Ltd All Rights Reserved
Terms of Use Cookies Policy Privacy Policy

Success

frog hand

Your action was successful

Oops... Something went wrong

frog hand

Please try again later

Modal Title

frog hand

Modal Message