Date: prev next · Thread: first prev next last
2017 Archives by date, by thread · List index


I'm going to look at adding the SHA256SUM for all the files in
download.lst.  It looks like we can add them without breaking
anything.  Then we can test out how we want to switch or if we need to
support both for a bit (platform dependent?).

Thoughts?
Bryan

(Of course, technically my SHA256SUMs will be based on the existing
HTTP download and MD5SUM...)


On Fri, Feb 24, 2017 at 10:25 AM, Stephan Bergmann <sbergman@redhat.com> wrote:
On 02/24/2017 03:47 PM, Norbert Thiebaud wrote:

The situation with checksum of 'external' files is much worse that you
thought.
They are actually checked with md5.
That being said they are not truly external, since they are hosted on
the project infrastructure


...but downloaded via plain HTTP

and the original motivation was not so much malicious injection
detection but faulty transfer.
using sha1 there would actually be an 'improvement' :-)

I guess we could convert that to shasum -a 256


_______________________________________________
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.