Please add checksum/hashes for all install/upgrade zips
-
Michael Ramsey shared this idea 3 years ago
- Support
- Post the first comment
1
Votes
Login to Vote
Please add checksum/hashes for all download install/upgrade zips
With things like this where there is no details provided
https://blog.whmcs.com/133679/security-update-2021-02-26
Each posted file installer should have the checksum of the installer posted so we can verify we downloaded an non corrupted/tampered installer and for those with source control stuff to be able to compare with the posted site to ensure they have verifiable installers
Like in Linux this can be easily verified like this:
sha256sum whmcs_v7103_full.zip
e3680b68cca67920c29766bd5100b6c308cb331df5b1f506abf083096c95271c whmcs_v7103_full.zip
sha256sum whmcs_v813_full.zip
4dece8276a41b6189853e5198f4c97053fc289409871454d259630287a9c8635 whmcs_v813_full.zip
Lots of other apps/software provide a way to verify the integrity of the installer see Pycharm example
https://gnupg.org/download/integrity_check.html
Please ensure the checksums/hashlib used is sha256 or higher so we can be reasonably sure there is not a chance for hash collision
With things like this where there is no details provided
https://blog.whmcs.com/133679/security-update-2021-02-26
Each posted file installer should have the checksum of the installer posted so we can verify we downloaded an non corrupted/tampered installer and for those with source control stuff to be able to compare with the posted site to ensure they have verifiable installers
Like in Linux this can be easily verified like this:
sha256sum whmcs_v7103_full.zip
e3680b68cca67920c29766bd5100b6c308cb331df5b1f506abf083096c95271c whmcs_v7103_full.zip
sha256sum whmcs_v813_full.zip
4dece8276a41b6189853e5198f4c97053fc289409871454d259630287a9c8635 whmcs_v813_full.zip
Lots of other apps/software provide a way to verify the integrity of the installer see Pycharm example
https://gnupg.org/download/integrity_check.html
Please ensure the checksums/hashlib used is sha256 or higher so we can be reasonably sure there is not a chance for hash collision
Post the first comment
Login to post a comment.