Closed thegoddambatman closed 8 years ago
For reference in the ticket directly, the md5sums I generated were:
a5788daf3b58b6a5efa222db9fd05367 multidoge-0.1.2.dmg
a9484de0a99ada77ebd0118a33708c72 multidoge-0.1.2-linux.jar
5083cb4f664cf3a62af292e54978ee39 multidoge-0.1.2-windows-setup.exe
If those are incorrect, we're in trouble, because I just did it 15 minutes ago.
The page is hosted on GitHub Pages, so I don't think that SSL is currently an option. I'll merge the PR, cause I can confirm my local files have the same MD5 sums, though I might use SHA256 in the future. MD5 is considered broken anyway.
And yes, signing should be doable, I recently set up a new key and all. No idea when the next verison will be released thoguh as I'm kinda swamped with work currently ;)
Thanks for bringing this up though! Keeping this open as a reminder :+1:
At the moment, there appears to be no way to verify the integrity of the multidoge binaries from http://multidoge.org . This creates risk in several ways for end-users:
The easiest solution for this is to publish the md5sums of the binaries offered someplace secure, such as an authenticated Gist, or a PGP-signed block offered on the website (the PGP block would even work on an HTTP, rather than HTTPS site).