f.lux f.lux forum
    • Recent
    • Popular
    • Register
    • Login

    Checksums for downloads (to ensure download integrity)

    macOS
    1
    1
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      flux-fan
      last edited by flux-fan

      Hi, this is a issue for all versions of f.lux.

      May the web site also include the SHA1 checksum of f.lux downloads so we can check that the file we're downloading hasn't been compromised?

      Earlir this year Handbrake had an issue where their mirror servers were compromised and served users malware as a result. I don't know how f.lux deliveries its downloads to us, but by providing us SHA1 checksums, we can at least verify the file we've downloaded is what was intended. (It's also useful if the SHA1s are on Github or Twitter so an attacker would need to gain access to multiple accounts to deceive users.)

      Handbrake issue: https://www.macrumors.com/2017/05/07/handbrake-app-security-warning-servers-hacked/
      Handbrake's checksum page: https://github.com/HandBrake/HandBrake/wiki/Checksums

      Thanks!

      1 Reply Last reply Reply Quote 3
      • First post
        Last post
      Copyright © 2014 NodeBB Forums | Contributors