Hello!

Would it be possible to add sha256 (and/or sha512) checksums to the Qt
4.8.6 download page [1]?

md5 checksums are easily forged in a few days with a couple of GPUs. In
a post-Snowden era, to avoid security issues with downloads on a page
that is not https by default, using sha2 (sha256 for instance) is necessary.

Other security enhancements suggested:

* make https default for download pages
* sign the checksum files (md5sums-4.8.6 and the future sha256sums-4.8.6)
with a well-known Qt developer's GPG key

Thank you for helping all of us improve security and fight malware
through the use of up-to-date and secure hashing algorithms! :-)

[1] http://download.qt.io/archive/qt/4.8/4.8.6/

jérôme
https://cryptoparty.fr
https://freemedsoft.com

_______________________________________________
Interest mailing list
Interest@qt-project.org
http://lists.qt-project.org/mailman/listinfo/interest