[Pidgin] #15277: Windows installer relies on HTTP rather than HTTPS
Pidgin
trac at pidgin.im
Thu Sep 20 13:13:04 EDT 2012
#15277: Windows installer relies on HTTP rather than HTTPS
-------------------------+------------------------------
Reporter: ioerror | Owner: datallah
Type: enhancement | Status: new
Milestone: | Component: winpidgin (gtk)
Version: 2.10.6 | Resolution:
Keywords: security |
-------------------------+------------------------------
Comment (by Daniel Atallah <datallah@…>):
(In [40eb50cbc39d]):[[BR]]
Add support to the win32 installer to check the sha1sum of the downloaded
GTK
Bundle and debug symbols. Refs #15277
* To make this worthwhile, the download redirection URL (which also
serves the sha1sums) now uses https.
* This uses a custom NSIS plugin (distributed, along with its source in
the
Pidgin installer deps) to do the sha1sum calculation on the downloaded
resources. The plugin is based on the win32 sha1sum implementation by
Werner Koch (http://lists.gnupg.org/pipermail/gnupg-
announce/2004q4/000184.html).
--
Ticket URL: <https://developer.pidgin.im/ticket/15277#comment:8>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list