Recent

Author Topic: SHA256 validation of downloads??  (Read 300 times)

QEnnay

  • Jr. Member
  • **
  • Posts: 59
SHA256 validation of downloads??
« on: October 21, 2020, 06:00:12 pm »
Just downloaded ..10 and there are no validation files in the Lnux64 .deb Files Folder.

Seems a bit risky.

Is there a better download site than SourceForge?

And, I don't just mean Mirrors, preferably an Open Source kind a thing. :)
Laz 2.0.8
Linux-Mint 20.04.0 + Cinnamon, Kernel 5.8 (NOT stock Ubuntu/Mint 5.4 Kernel)
Lenovo Flex 5 Ryzen 5 4500, 512GB-NVMe, 16GB memory

MarkMLl

  • Hero Member
  • *****
  • Posts: 1447
Re: SHA256 validation of downloads??
« Reply #1 on: October 21, 2020, 06:31:34 pm »
Definitve list: https://freepascal.org/download.html

Surely .deb files have an internal validatory hash?

MarkMLl
Turbo Pascal v1 on CCP/M-86, multitasking with LAN and graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.

QEnnay

  • Jr. Member
  • **
  • Posts: 59
Re: SHA256 validation of downloads??
« Reply #2 on: October 21, 2020, 07:06:36 pm »
Surely .deb files have an internal validatory hash?

I have no idea, but it would not matter. If nasties were included into the .deb any hash would be updated too unless the hacker was a complete dolt. The .deb is not quite like a compiled .exe, it is more of an instruction list also with some files.

Using a SHAxxx checksum provided by the developer will validate the file as it was when it left the Dev's desk.

Having a SHAxxx independently provided by FPC to validate the download at **my** desk just makes sense.
Laz 2.0.8
Linux-Mint 20.04.0 + Cinnamon, Kernel 5.8 (NOT stock Ubuntu/Mint 5.4 Kernel)
Lenovo Flex 5 Ryzen 5 4500, 512GB-NVMe, 16GB memory

lucamar

  • Hero Member
  • *****
  • Posts: 3188
Re: SHA256 validation of downloads??
« Reply #3 on: October 21, 2020, 08:45:48 pm »
IIRC there is somewhere in the download pages a list with hashes for the all distributon packages. Let me see if I can find it ..

Found it! Here it is: Checksums for the official Lazarus releases, MD5, SHA1 y SHA256.
« Last Edit: October 21, 2020, 08:54:31 pm by lucamar »
Turbo Pascal 3 CP/M - Amstrad PCW 8256 (512 KB !!!) :P
Lazarus/FPC 2.0.8/3.0.4 & 2.0.10/3.2.0 - 32/64 bits on:
(K|L|X)Ubuntu 12..18, Windows XP, 7, 10 and various DOSes.

QEnnay

  • Jr. Member
  • **
  • Posts: 59
Re: SHA256 validation of downloads??
« Reply #4 on: October 23, 2020, 09:59:25 pm »
Found it! Here it is: Checksums for the official Lazarus releases

Thanks, a well hidden secret. ;)

ETA: OK, found it on the bottom of the download page, but I was sent straight to the SourceForge list. Might nice to have a link back there for the SHAs. I don't mean put copies on SF, just a link back to www.lazarus-ide.org/
« Last Edit: October 23, 2020, 10:03:36 pm by QEnnay »
Laz 2.0.8
Linux-Mint 20.04.0 + Cinnamon, Kernel 5.8 (NOT stock Ubuntu/Mint 5.4 Kernel)
Lenovo Flex 5 Ryzen 5 4500, 512GB-NVMe, 16GB memory

 

TinyPortal © 2005-2018