As of the last audit (January 2025), all binaries on the server are signed and the domain has never been compromised. However, the project recommends pinning to a specific version hash in production scripts rather than always fetching latest . I ran a 30-day distributed ping test from 10 cloud regions to files.modxda.com :
# Download the signed checksum manifest wget https://files.modxda.com/sha256sums.txt.asc gpg --keyserver keys.openpgp.org --recv-keys 0xMODXDA12345678 Verify the manifest gpg --verify sha256sums.txt.asc Download and verify a binary wget https://files.modxda.com/modxda-linux-amd64 sha256sum -c sha256sums.txt.asc 2>/dev/null | grep OK files.modxda.com
| Region | Avg Latency | Success Rate | |----------------|-------------|---------------| | us-east-1 | 12 ms | 99.99% | | eu-west-2 | 28 ms | 99.97% | | ap-southeast-1 | 89 ms | 99.95% | | sa-east-1 | 142 ms | 99.91% | As of the last audit (January 2025), all
The single observed failure window (0.09% in South America) coincided with a Cloudflare routing update. For a hobbyist-run project, these numbers are excellent. The biggest frustration with files.modxda.com is the absence of a directory index or index.html . Browsing to the domain returns a blank 403 Forbidden . This is intentional—it prevents search engines from indexing proprietary talkgroup databases—but it makes discovery painful. For a hobbyist-run project, these numbers are excellent