|Older cosign Source Code and Installers|
|to verify checksum: openssl md5 filename|
WARNING: Versions of cosign older than 3.0 have an architectural flaw (detailed here). New users of cosign should select the latest cosign 3 release for download. Existing legacy cosign installations should upgrade to cosign 3 as soon as possible. An overview of that process may be found here.
WARNING: Versions of the cosign weblogin server prior to 2.0.2a (excluding 1.9.4b) contain remotely exploitable security vulnerabilities. The cosign development team strongly recommends that only newer versions of the cosign weblogin server be used.