On 02/19/2015 02:36 PM, Jérôme Pinguet wrote: > Hello! > > Would it be possible to add sha256 (and/or sha512) checksums to the Qt > 4.8.6 download page [1]? > > md5 checksums are easily forged in a few days with a couple of GPUs. In > a post-Snowden era, to avoid security issues with downloads on a page > that is not https by default, using sha2 (sha256 for instance) is necessary. > > Other security enhancements suggested: > > * make https default for download pages > * sign checksums files (md5sums-4.8.6 and the future sha256sums-4.8.6) > file with a well known Qt developper's GPG key > > Thank you for helping all of us improve security and fight malware > through the use of up-to-date and secure hashing algorithms! :-) > > [1] http://download.qt.io/archive/qt/4.8/4.8.6/
There's a very clear rule in 4.8: No new features are allowed. It's pretty much only security fixes that will find it's way to this. Perhaps some bug fixes as well. So no, you won't get this for a 4.8 based application. Your options are to upgrade Qt to 5.x (which you probably chose not to for some reason) or to implement it yourself. If you need this for a 4.8 based application, you can just create your own Qt patch and build Qt yourself with it. It shouldn't be difficult to port the code from the 5.x sources to 4.8. Bo Thorsen, Director, Viking Software. -- Viking Software Qt and C++ developers for hire http://www.vikingsoft.eu _______________________________________________ Interest mailing list Interest@qt-project.org http://lists.qt-project.org/mailman/listinfo/interest
