verification hashes sums

Posted: Fri Feb 17, 2017 1:51 am
by reactosuser7
Could ReactOS files: 'BootCD', 'LiveCD' and files from Trunk Daily Builds have shasums (sha256sum and sha512sum) to verify their integrity?

Or at least md5sums?

GNU/Linux uses verification hashes sums.

Re: verification hashes sums

Posted: Fri Feb 17, 2017 3:01 am
by hto
SF download page has SHA1 and MD5 sums for BootCD and LiveCD files.

Re: verification hashes sums

Posted: Fri Feb 17, 2017 3:04 pm
by Swyter
It's not the same thing, but most of the builds get served from HTTPS. Just check the chain of trust.

I added HTTPS and SHA1 support for RAPPS packages (many of which are downloaded from their original locations using plain HTTP), and some other dev added HTTPS certificate pinning for the RAPPS database update.

Overall, I think we are mostly covered on that front.

Re: verification hashes sums

Posted: Sat Feb 18, 2017 3:20 pm
by Black_Fox
There are two reasons to use checksums:
1) check if the archive was downloaded properly without errors
2) check that the storage wasn't tampered with

HTTPS covers issue 2). The ISOs from the build server are compressed into an archive, so there should be a checksum as part of the file format, but IIRC only CRC32 is used, which may not be enough to cover issue 1).
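
An added example, not part of the thread and not ReactOS project code: a small verifier for a checksum manifest in the `sha256sum`-style "digest, then file name" layout, covering the digest types mentioned above (MD5, SHA1, SHA-256, SHA-512) by inferring the algorithm from the digest length. The file names and manifest contents are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

# Digest length in hex characters -> hashlib algorithm name.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

def file_digest(path, algo, chunk_size=1 << 20):
    """Hash a file in chunks so a large ISO is never read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_manifest(manifest_text, base_dir):
    """Check each '<hex digest>  <name>' line; return {name: OK|FAILED|MISSING}."""
    results = {}
    for line in manifest_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        expected, name = line.split(None, 1)
        name = name.lstrip("*")  # '*' marks binary mode in coreutils output
        algo = ALGO_BY_HEX_LEN.get(len(expected))
        if algo is None:
            raise ValueError(f"unrecognised digest length for {name!r}")
        # basename() keeps a manifest entry from pointing outside base_dir.
        path = os.path.join(base_dir, os.path.basename(name))
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        ok = hmac.compare_digest(file_digest(path, algo), expected.lower())
        results[name] = "OK" if ok else "FAILED"
    return results

def demo():
    """Constructed sample: one intact file, one with a single changed byte."""
    with tempfile.TemporaryDirectory() as d:
        good = b"constructed stand-in for an ISO image\n" * 1000
        for name, data in (("good.iso", good), ("bad.iso", good[:-1] + b"X")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        sha256 = hashlib.sha256(good).hexdigest()
        sha1 = hashlib.sha1(good).hexdigest()
        manifest = f"{sha256}  good.iso\n{sha1} *bad.iso\n{sha256}  absent.iso\n"
        return verify_manifest(manifest, d)
if __name__ == "__main__":
    print(demo())
```

The result only says that a file matches the manifest, so the manifest itself has to arrive over a channel you trust, such as the HTTPS download page discussed above.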