Wrong hash algorithm in checksum file? #2

Closed
lfam opened this Issue Jul 10, 2016 · 2 comments

Comments

Projects
None yet
2 participants
@lfam

lfam commented Jul 10, 2016

I downloaded letskencrypt-portable-0.1.7.tgz and the associated file letskencrypt-portable-0.1.7.sha256 from https://kristaps.bsd.lv/letskencrypt/snapshots/.

However, the checksum contains a SHA512 hash rather than a SHA256 hash:

$ cat letskencrypt-portable-0.1.7.sha256 
SHA512(letskencrypt-portable.tgz)= 8b0e7e47054ce272486d472cef9e48c54b6179cd2da50967f373dd552ff59dd495758c56f8e147513267800254909e88304908f1495a969ed24ce8b43c0c64de

Also, the checksum itself was calculated on the "unversioned" filename, which is a little confusing, since the filename of the checksum includes the version.

It's probably worth signing the checksum as well, whether with PGP or signify.

@kristapsdz

This comment has been minimized.

Show comment
Hide comment
@kristapsdz

kristapsdz Jul 12, 2016

Owner

Thanks! This has been fixed in the latest release of 0.1.8, now at kristaps.bsd.lv/letskencrypt.

Owner

kristapsdz commented Jul 12, 2016

Thanks! This has been fixed in the latest release of 0.1.8, now at kristaps.bsd.lv/letskencrypt.

@kristapsdz kristapsdz closed this Jul 12, 2016

@kristapsdz

This comment has been minimized.

Show comment
Hide comment
@kristapsdz

kristapsdz Jul 12, 2016

Owner

(Except for the signature, which is a larger question that'll be answered in due time...)

Owner

kristapsdz commented Jul 12, 2016

(Except for the signature, which is a larger question that'll be answered in due time...)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment