[Interest] sha256 checksums for Qt downloads
Jérôme Pinguet
jerome at jerome.cc
Thu Feb 19 14:36:42 CET 2015
Hello!
Would it be possible to add sha256 (and/or sha512) checksums to the Qt
4.8.6 download page [1]?
md5 checksums are easily forged in a few days with a couple of GPUs. In
a post-Snowden era, to avoid security issues with downloads on a page
that is not https by default, using sha2 (sha256 for instance) is necessary.
Other security enhancements suggested:
* make https default for download pages
* sign the checksum files (md5sums-4.8.6 and the future sha256sums-4.8.6)
with a well-known Qt developer's GPG key
Thank you for helping all of us improve security and fight malware
through the use of up-to-date and secure hashing algorithms! :-)
[1] http://download.qt.io/archive/qt/4.8/4.8.6/
jérôme
https://cryptoparty.fr
https://freemedsoft.com
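
Added example, not part of the original message and not Qt project code: a verifier for a sha256sums-style manifest of the kind requested above. It assumes the GNU coreutils `sha256sum` line format; the file names and contents are constructed for the demo.

```python
import hashlib
import hmac
import os
import re
import tempfile

# GNU coreutils line: 64 hex digits, a space, ' ' (text) or '*' (binary), file name
LINE_RE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def parse_manifest(text):
    """Return {name: sha256 hex}; any other line (e.g. a 32-digit md5 entry) raises."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if m is None or os.path.basename(m.group(2)) != m.group(2):
            raise ValueError(f"line {lineno}: not a plain sha256 entry")
        entries[m.group(2)] = m.group(1).lower()
    return entries

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):  # chunked: archives are large
            h.update(block)
    return h.hexdigest()

def verify(directory, manifest_text):
    """Return {name: 'OK' | 'MISMATCH' | 'MISSING'} for every manifest entry."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        ok = hmac.compare_digest(sha256_file(path), expected)
        results[name] = "OK" if ok else "MISMATCH"
    return results

def demo():
    """Constructed sample: one intact file, one altered after hashing, one absent."""
    good, bad = b"constructed archive bytes", b"constructed zip bytes"
    manifest = (f"{hashlib.sha256(good).hexdigest()}  qt-example-src.tar.gz\n"
                f"{hashlib.sha256(bad).hexdigest()} *qt-example-src.zip\n"
                f"{'0' * 64}  qt-example-docs.tar.gz\n")
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("qt-example-src.tar.gz", good), ("qt-example-src.zip", bad + b"!")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return verify(d, manifest)
```

The result is only as trustworthy as the manifest itself, so the manifest has to arrive over HTTPS or carry a verified GPG signature, which are the other two items in the request.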