Opened 18 years ago
Last modified 11 years ago
#1159 closed Bug report
Release Notes - MD5 not necessary for installer
| Reported by: | seier | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | Other |
| Keywords: | Cc: | seier, Tim Kosse | |
| Component version: | Operating system type: | ||
| Operating system version: |
Description
Dear FileZilla Author,
The download for each build lists an MD5 file. That's
great for people working with all the package files
offered, except the installer. A typical home user
doesn't need the MD5 file, because the installer will
verify itself at the start of the installation.
However, people with file library's would want the MD5
for the installer, to make sure what they're hosting
isn't corrupt. I know this to be true with Inno Setup.
Can someone who knows a thing or two about the
NullSoft install system respond whether or not my
assumption is also true with NSIS, the installer
FileZilla employs? If that's the case then it'd be
great if you ended every release notes with "Note: The
MD5 file is not necessary if you are using the
installer, because it'll verify itself at startup."
Thanks,
Christian
Change History (3)
comment:1 by , 18 years ago
comment:2 by , 18 years ago
Hi Tim,
But another purpose of the .md5 file is to verify that the
files have not been tampered with (e.g. replaced by other
files).
I agree, however that's only relevant on file libraries and
they'll know they need the MD5. Will the GnuPG prevent
those Windows' security warnings before running it? That's
of no benefit to me, but newbies would love it.
Cheers,
Christian Blackburn
comment:3 by , 18 years ago
No, only if someone donates a monstrous amount of money I
could sign the executable itself. Those certificates are
extremely expensive...
It's right, the .md5 file isn't needed for NSIS installers.
But another purpose of the .md5 file is to verify that the
files have not been tampered with (e.g. replaced by other
files).
In future, I plan to sign files using GnuPG as well.