Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Out of scope
Priority: Not Evaluated
Fix Version/s: None
Affects Version/s: None
Component/s: qt.io
Labels:
None

Platform/s:

All

Description

Component: "download.qt.io"

Hi,

on the downloadsite besides the installer packages there is

https://download.qt.io/archive/qt/5.13/5.13.0/md5sums.txt

which contains only the md5sums.

Since md5 is already known as not secure anymore, it would be nice to offer another method of verifying that nobody has manipulated the installer file.

It could be done easily automatically and would improve the secure distribution a lot. I would assume on most Desktop/Server Linux systems sha512sum is already installed so the additional overhead is quite small, depending on the build system, to add command that not only calculates the md5 but also the sha512 sums.

In case the sha sums are already calculated and put somewhere accessible: Sorry, but I could not find them, please let me know where they are (and this report should be re-titled to "not visible enough sha sums" )

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Qt Release Team

Reporter:: user-e2e87 (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 19 Jun '19 14:01

Updated:: 29 Aug '23 14:26

Resolved:: 14 Apr '21 07:32

Gerrit Reviews

There are no open Gerrit changes