Provide hashes for Theia Blueprint downloads

[DamnedElric]

The download page for the blueprint desktop edition does not provide any cryptographic hashes for the downloads. This is particularly problematic because the download redirects to a random local-ish mirror, e.g. https://ftp.fau.de/eclipse/theia/latest/linux/TheiaBlueprint.AppImage, which is not a URL I would immediately trust.

Please publish, for example, SHA-256 or SHA-512 hashes along with the download links.

Many thanks

[jfaltermeier]

Thanks for the report. I will move the issue to the blueprint repository, so that we may publish the hash as part of the build. For now, that latest directories should contain a latest file including a SHA-512 hash, that is used by the updater, e.g. https://download.eclipse.org/theia/latest/linux/latest-linux.yml

[marcdumais-work]

Maybe the theia-ide.org Blueprint download page should point to the OS-specific download folders [1] instead of the current direct download link? Then it will be "discoverable" that there are checksum provided?

[1]: e.g.: https://download.eclipse.org/theia/latest/windows/ https://download.eclipse.org/theia/latest/linux/ https://download.eclipse.org/theia/latest/macos/

[jfaltermeier]

The current links on the Download page are of this form: https://www.eclipse.org/downloads/download.php?file=/theia/latest/windows/TheiaBlueprint.exe&r=1 This makes sure that the download stats are recorded. See https://github.com/eclipse-theia/theia-blueprint/issues/36#issuecomment-773952876 for more info. This would be lost when linking to the directories

[marcdumais-work]

Then maybe we could add, along with the download links, also links for the corresponding files that contain the hashes.

[Mailaender]

There is now https://download.eclipse.org/theia/ide/latest/windows/latest.yml which contains hashes.