Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Do SourceTree for Windows updates undergo any authenticity verification prior to being applied?

Cathy Sanders
Cathy Sanders May 28, 2013

Being from a larger enterprise, our information security group has concerns regarding the installation or updating of software directly from the internet as there is the possibility of the downloaded file having been somehow tampered with by untrusted parties. We can definitely work with the provided offline install file for the initial installs, but would like our developers to be able to do their own updates from the internet. Is there any authenticity verification that is done by SourceTree to ensure that the updates are from Atlassian and have not somehow been tampered with?

Answer
Watch
Like Be the first to like this
446 views

1 answer

1 accepted

0 votes
Answer accepted
stevestreeting
stevestreeting
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 28, 2013

Yes.

  1. The update metadata includes an MD5 hash which is checked against the downloaded file. To compromise the update 2 separate systems would have to be compromised to change both the MD5 and the file itself.
  2. When the update is run, depending on your settings you will probably be asked if you want the installer to modify your system, and in that dialog you can view the code signature associated with the installer
  3. All our code (the installer, the binaries within it) are code signed with publicly verifiable certificates

View More Comments
Cathy Sanders
Cathy Sanders May 28, 2013

Thanks for the response. That should satisfy our security people with regards to the updates.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Sourcetree
Sourcetree
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.