[krita] [Bug 363110] New: Insecure download for pre-built Krita (especially the beta version)

_Vi Sun, 15 May 2016 15:17:07 -0700

https://bugs.kde.org/show_bug.cgi?id=363110


            Bug ID: 363110
           Summary: Insecure download for pre-built Krita (especially the
                    beta version)
           Product: krita
           Version: unspecified
          Platform: unspecified
               URL: https://krita.org/download/krita-desktop/
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: krita-bugs-n...@kde.org
          Reporter: vi0...@gmail.com

For example, I see "Linux Bleeding Edge Appimage Download" for downloading a
user-executable file by HTTP.

No HTTPS, no signatures, not even sha1sum.

The same for Windows binaries.

Reproducible: Always

Steps to Reproduce:
1. Go to Krita download site
2. Download Krita
3. Attempt to verity if the downloaded file is corrupted

Actual Results:  
No way to verify if the downloaded file is genuine

Expected Results:  
There is published checksum or there is detached signature file.

-- 
You are receiving this mail because:
You are watching all bug changes.

[krita] [Bug 363110] New: Insecure download for pre-built Krita (especially the beta version)

Reply via email to