Closed yan12125 closed 2 years ago
Yes, it is related to that rebuild, see https://forum.syncthing.net/t/yet-another-syncthing-tray/8502/151. I've been adding a note in GitHub's release section.
I could also sign the files before uploading them in the future.
Got it, thanks for clarification and considering the signing idea!
Relevant components
syncthingctl
)libsyncthing
)Environment and versions
syncthingtray
,qtutilities
andc++utilities
: 1.1.12Bug description
When I downloaded Windows Qt6 binaries for the first time (roughly Nov 4, UTC+8), SHA256 checksums are:
When I downloaded them again yesterday, checksums become:
But I cannot find an explicit note about updated binaries. Maybe https://github.com/Martchus/PKGBUILDs/commit/790d0582dfd2d6ab7b543d0e16299fcfebc714ee is related?
Steps to reproduce
Expected behavior If binaries are updated, there is a note somewhere
Screenshots N/A
Additional context I maintain a Chocolatey package for Syncthingtray on Windows [1]. Its install script verifies downloaded files via checksums. Now Chocolatey complains about mismatched checksums [1].
Here is an idea - if binaries are signed by your gpg key like packages in the Arch Linux repo [ownstuff], I can verify updated binaries are still uploaded by the original author.
[1] https://community.chocolatey.org/packages/syncthingtray [2] https://gitlab.com/yan12125/chocolatey-packages/-/issues/1