On 19 févr. 2015, at 16:05, Bo Thorsen <b...@vikingsoft.eu> wrote: > On 02/19/2015 02:36 PM, Jérôme Pinguet wrote: >> Hello! >> >> Would it be possible to add sha256 (and/or sha512) checksums to the Qt >> 4.8.6 download page [1]? >> >> md5 checksums are easily forged in a few days with a couple of GPUs. In >> a post-Snowden era, to avoid security issues with downloads on a page >> that is not https by default, using sha2 (sha256 for instance) is necessary. >> >> Other security enhancements suggested: >> >> * make https default for download pages >> * sign checksums files (md5sums-4.8.6 and the future sha256sums-4.8.6) >> file with a well known Qt developper's GPG key >> >> Thank you for helping all of us improve security and fight malware >> through the use of up-to-date and secure hashing algorithms! :-) >> >> [1] http://download.qt.io/archive/qt/4.8/4.8.6/ > > There's a very clear rule in 4.8: No new features are allowed. It's > pretty much only security fixes that will find it's way to this. Perhaps > some bug fixes as well. > > So no, you won't get this for a 4.8 based application. > > Your options are to upgrade Qt to 5.x (which you probably chose not to > for some reason) or to implement it yourself. > > If you need this for a 4.8 based application, you can just create your > own Qt patch and build Qt yourself with it. It shouldn't be difficult to > port the code from the 5.x sources to 4.8. > > Bo Thorsen, > Director, Viking Software. > > -- > Viking Software > Qt and C++ developers for hire > http://www.vikingsoft.eu > _______________________________________________
Hi, @Bo I think the OP was just asking to add the information on the download page and secure it using https @Jérome It's available in the "Details" for each download Cheers Samuel _______________________________________________ Interest mailing list Interest@qt-project.org http://lists.qt-project.org/mailman/listinfo/interest
