flathub / de.willuhn.Jameica

https://flathub.org/apps/details/de.willuhn.Jameica

Use SHA256 hash instead of SHA1 hash #6

Closed webagentur-hartmann closed 2 years ago

webagentur-hartmann commented 2 years ago

At the moment a SHA1 hash is used to verify the correctness of the jameica-linuxx64-2.10.1.zip package.

I would prefer to use a SHA256 checksum instead.

tobias-hammerschmidt commented 2 years ago

While I can understand the preference for SHA256 checksum I would prefer keeping the SHA1 sum for now since this could easily be cross-checked with the original source here: https://www.willuhn.de/products/jameica/download.php (see especially https://www.willuhn.de/products/jameica/releases/current/jameica/jameica-linux64-2.10.1.zip.SHA). Maybe the original author could provide SHA256 sums in addition to the SHA1 sums or even replace them first. I really would like to keep the current approach relying on upstream checksums.

webagentur-hartmann commented 2 years ago

> While I can understand the preference for SHA256 checksum I would prefer keeping the SHA1 sum for now since this could easily be cross-checked with the original source here: https://www.willuhn.de/products/jameica/download.php (see especially https://www.willuhn.de/products/jameica/releases/current/jameica/jameica-linux64-2.10.1.zip.SHA). Maybe the original author could provide SHA256 sums in addition to the SHA1 sums or even replace them first. I really would like to keep the current approach relying on upstream checksums.

The checksum itself seems to be used only during the process of building the flatpak. The bot generates the checksum from the file at build time and compares it with the stored one.

While installing the flatpak, I do not remember seeing any window for comparing the checksum.

But if you want to stay with SHA1, that is fine with me.

webagentur-hartmann commented 2 years ago

Btw: First, I checked the SHA1 hash for correctness. After that, I had the SHA256 hash displayed.
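The procedure described in the comment above (check the download against upstream's SHA1 sidecar first, and only then derive the SHA256 digest for the manifest), as an added example. This code is not from the issue, the Flathub manifest or Jameica upstream. The archive bytes and the sidecar contents are constructed inline so it runs offline; the sidecar format (`<hex digest>  <filename>`, as `sha1sum` prints it) is an assumption, and the real `.SHA` file on willuhn.de may be laid out differently.

```python
import hashlib
import hmac
import json

# Constructed stand-in for jameica-linux64-2.10.1.zip; the real archive is not embedded.
ARCHIVE_NAME = "jameica-linux64-2.10.1.zip"
ARCHIVE_BYTES = b"PK\x03\x04" + b"constructed stand-in archive body\n" * 8


def digest(data: bytes, algo: str) -> str:
    """Hex digest of data under the named hashlib algorithm (sha1, sha256, ...)."""
    return hashlib.new(algo, data).hexdigest()


# Constructed upstream sidecar in the assumed sha1sum layout: '<hexdigest>  <filename>'.
# In practice this text would be fetched from the .SHA URL next to the download.
UPSTREAM_SIDECAR = f"{digest(ARCHIVE_BYTES, 'sha1')}  {ARCHIVE_NAME}\n"


def parse_sidecar(text: str, expected_name: str):
    """Return the hex digest listed for expected_name, or None if it is not listed.
    Tolerates the leading '*' that sha*sum prints for binary mode."""
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        hexdigest, name = parts
        if name.lstrip("*") == expected_name:
            return hexdigest.lower()
    return None


def verify_against_sidecar(data: bytes, name: str, sidecar_text: str, algo: str = "sha1") -> bool:
    """True only if the sidecar lists `name` and its digest matches `data`.
    A length mismatch (e.g. a sha256 pasted into a sha1 sidecar) fails closed."""
    expected = parse_sidecar(sidecar_text, name)
    if expected is None:
        return False
    actual = digest(data, algo)
    if len(expected) != len(actual):
        return False
    return hmac.compare_digest(expected, actual)


def manifest_source(data: bytes, name: str, sidecar_text: str, url: str) -> dict:
    """Build a flatpak-builder 'file' source entry pinned by sha256, but only after
    the download matched upstream's SHA1 sidecar, so a wrong sha256 is never
    recorded in the manifest. The url value is whatever the manifest author passes in."""
    if not verify_against_sidecar(data, name, sidecar_text, "sha1"):
        raise ValueError(f"{name} does not match the upstream SHA1 sidecar")
    return {"type": "file", "url": url, "sha256": digest(data, "sha256")}


if __name__ == "__main__":
    # Hypothetical URL for illustration only.
    entry = manifest_source(ARCHIVE_BYTES, ARCHIVE_NAME, UPSTREAM_SIDECAR,
                            "https://example.invalid/" + ARCHIVE_NAME)
    print(json.dumps(entry, indent=2))
```

flatpak-builder accepts `sha1`, `sha256` and `sha512` keys on `file` and `archive` sources and recomputes the digest of the fetched file at build time, which is the check both participants refer to; nothing is shown to the end user at install time, since the verification happened when the Flathub build was produced.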

tobias-hammerschmidt commented 2 years ago

Yes this is purely related to the build process to ensure that the sources/binaries haven't been modified. As explained I'd like to keep the current SHA1 checksum which can directly be verified by looking at the checksum files next to the original downloads.