GNU bug report logs - #55666
enhancement request - SHA-256 for emacs downloads


Package: emacs;

Reported by: Ali Elshishini <shishini <at> outlook.com>

Date: Thu, 26 May 2022 20:27:02 UTC

Severity: wishlist

Tags: wontfix

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.


From: Ali Elshishini <shishini <at> outlook.com>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: "55666 <at> debbugs.gnu.org" <55666 <at> debbugs.gnu.org>
Subject: bug#55666: enhancement request - SHA-256 for emacs downloads
Date: Fri, 27 May 2022 11:46:11 +0000
A checksum file (a file containing all checksums) can be included in the ftp folders
(each folder can have one checksums file for the files it contains).

This way the web page won't have to be updated with every release.

Otherwise, if you absolutely can't, please add clear instructions on how to verify the downloads using the signatures. I personally tried my best and still failed.

Thanks
Ali

________________________________
From: Lars Ingebrigtsen <larsi <at> gnus.org>
Sent: Friday, May 27, 2022 6:59:25 AM
To: Ali Elshishini <shishini <at> outlook.com>
Cc: 55666 <at> debbugs.gnu.org <55666 <at> debbugs.gnu.org>
Subject: Re: bug#55666: enhancement request - SHA-256 for emacs downloads

Ali Elshishini <shishini <at> outlook.com> writes:

> May you please include a list of SHA-256 hashes for the downloads in
> https://www.gnu.org/software/emacs/download.html
>
> This will provide an easy and secure way to verify downloads
> Please note that the experience to verify the signature on Windows is very poor
> and it for me at least ended up with the file not being verified because of missing
> public key
>
> A SHA-256 hash will be a simple solution

That would require people to edit that web page every time they generate
a package, which would be error prone and require too much work of the
people who build the packages.

The packages are signed, which I think should be more than sufficient,
so I'm closing this bug report.

--
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
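
The per-folder checksum file proposed in this thread could be checked on any platform with a short script like the following. This is an added example, not part of the thread and not code from the Emacs or GNU projects; it assumes the manifest is named `SHA256SUMS` (a hypothetical name) and uses the line format written by GNU coreutils `sha256sum`, and the file names and contents in `demo()` are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One manifest line in sha256sum format: 64 hex digits, a space, then a
# space (text mode) or "*" (binary mode), then the file name.
LINE_RE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large downloads do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_folder(folder, manifest_name="SHA256SUMS"):
    """Return {file name: 'OK' | 'MISMATCH' | 'MISSING' | 'REJECTED'}."""
    folder = Path(folder)
    results = {}
    for line in (folder / manifest_name).read_text().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or malformed line: nothing to verify
        expected, name = m.group(1).lower(), m.group(2)
        # The manifest covers only its own folder: refuse names with path parts.
        if Path(name).name != name or name in (".", ".."):
            results[name] = "REJECTED"
        elif not (folder / name).is_file():
            results[name] = "MISSING"
        elif sha256_file(folder / name) == expected:
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    return results

def demo():
    # Constructed sample folder; file names and contents are made up.
    with tempfile.TemporaryDirectory() as d:
        d = Path(d)
        (d / "pkg-1.0.tar.gz").write_bytes(b"release one")
        (d / "pkg-1.1.tar.gz").write_bytes(b"tampered bytes")
        good = hashlib.sha256(b"release one").hexdigest()
        other = hashlib.sha256(b"release two").hexdigest()
        (d / "SHA256SUMS").write_text(
            f"{good}  pkg-1.0.tar.gz\n{other} *pkg-1.1.tar.gz\n"
            f"{good}  pkg-2.0.tar.gz\n{good}  ../outside.tar.gz\n")
        return verify_folder(d)
```

A matching hash only shows that the file agrees with the manifest; a manifest fetched from the same server as the download carries no more authenticity than the download itself unless the manifest is signed.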

This bug report was last modified 2 years and 359 days ago.
