Do SourceTree for Windows updates undergo any authenticity verification prior to being applied?

Being from a larger enterprise, our information security group has concerns regarding the installation or updating of software directly from the internet as there is the possibility of the downloaded file having been somehow tampered with by untrusted parties. We can definitely work with the provided offline install file for the initial installs, but would like our developers to be able to do their own updates from the internet. Is there any authenticity verification that is done by SourceTree to ensure that the updates are from Atlassian and have not somehow been tampered with?

1 answer

1 accepted


  1. The update metadata includes an MD5 hash which is checked against the downloaded file. To compromise the update 2 separate systems would have to be compromised to change both the MD5 and the file itself.
  2. When the update is run, depending on your settings you will probably be asked if you want the installer to modify your system, and in that dialog you can view the code signature associated with the installer
  3. All our code (the installer, the binaries within it) are code signed with publicly verifiable certificates

Thanks for the response. That should satisfy our security people with regards to the updates.

Suggest an answer

Log in or Join to answer
Community showcase
Brian Ganninger
Published Jan 23, 2018 in Sourcetree

Tip from the team: workflow and keyboard shortcuts

Supported Platforms macOS Sourcetree has a lot to offer and, like many developer tools, finding and using it all can be a challenge, especially for a new user. Everyone might not love ...

271 views 0 3
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot