On 02/24/2017 03:47 PM, Norbert Thiebaud wrote:
The situation with checksum of 'external' files is much worse that you thought.
They are actually checked with md5.
That being said they are not truly external, since they are hosted on
the project infrastructure
...but downloaded via plain HTTP
and the original motivation was not so much malicious injection
detection but faulty transfer.
using sha1 there would actually be an 'improvement' :-)
I guess we could convert that to shasum -a 256
Context
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.