bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#55666: enhancement request - SHA-256 for emacs downloads

From: Ali Elshishini
Subject: bug#55666: enhancement request - SHA-256 for emacs downloads
Date: Fri, 27 May 2022 11:46:11 +0000
A checksum file (a file containing all checksums) can be included in the ftp folders
(each folder can have one checksums file for the files it contains)

This way the web page won't have to be updated with every release 

Otherwise if you absolutely can't,  please add clear instructions on  how to verify the downloads using the signatures, I personally tried my best and still failed 

Thanks
Ali

Get Outlook for Android
From: Lars Ingebrigtsen <larsi@gnus.org>
Sent: Friday, May 27, 2022 6:59:25 AM
To: Ali Elshishini <shishini@outlook.com>
Cc: 55666@debbugs.gnu.org <55666@debbugs.gnu.org>
Subject: Re: bug#55666: enhancement request - SHA-256 for emacs downloads
 
Ali Elshishini <shishini@outlook.com> writes:

> May you please include a list of SHA-256 hashes for the downloads in
> https://www.gnu.org/software/emacs/download.html
>
> This will provide an easy and secure way to verify downloads
> Please note that the experience to verify the signature on windows is very poor
> and it for me at least ended up with the file nor being verified because of missing
> public key
>
> A SHA-256 hash will be a simple solution

That would require people to edit that web page every time they generate
a package, which would be error prone and require too much work of the
people who build the packages.

The packages are signed, which I think should be more than sufficient,
so I'm closing this bug report.

--
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
reply via email to
[Prev in Thread] Current Thread [Next in Thread]