Open scottfurry opened 2 weeks ago
Answered here: https://github.com/laurent22/joplin/pull/11252
From pull request:
Reason for the Change: The current build process relies on platform-specific mechanisms to verify the integrity of macOS .dmg files. This change provides a platform-independent solution by using a sha512sum checksum, improving security and ease of use for all users.
I believe the rational is valid and prudent. The .dmg can be manipulated. I have to disagree with the decision.
The .dmg can be manipulated
Yes it can - but then it won't be allowed to run. So I'm not seeing any problem here. Also, again, we already publish a hash in latest-mac.yml. It's unclear why this is not enough
Operating system
macOS
Joplin version
gt or eql 3.1.15
Desktop version info
No response
Current behaviour
Current Stable Releases uses a Windows blockfile to verify MacOS disk-image dmg.
Expected behaviour
Platform independent sha512sum file expected.
Logs
No response