[Pidgin] #15277: Windows installer relies on HTTP rather than HTTPS

Pidgin trac at pidgin.im
Thu Sep 20 13:13:47 EDT 2012


#15277: Windows installer relies on HTTP rather than HTTPS
-------------------------+--------------------------------------------------
 Reporter:  ioerror      |        Owner:  datallah       
     Type:  enhancement  |       Status:  new            
Milestone:               |    Component:  winpidgin (gtk)
  Version:  2.10.6       |   Resolution:                 
 Keywords:  security     |  
-------------------------+--------------------------------------------------

Comment(by Daniel Atallah <datallah at pidgin.im>):

 (In [40eb50cbc39d]):[[BR]]
 Add support to the win32 installer to check the sha1sum of the downloaded
 GTK
 Bundle and debug symbols.  Refs #15277

  * To make this worthwhile, the download redirection URL (which also
    serves the sha1sums) now uses https.
  * This uses a custom NSIS plugin (distributed, along with its source in
 the
    Pidgin installer deps) to do the sha1sum calculation on the downloaded
    resources.  The plugin is based on the win32 sha1sum implementation by
    Werner Koch (http://lists.gnupg.org/pipermail/gnupg-
 announce/2004q4/000184.html).

-- 
Ticket URL: <http://developer.pidgin.im/ticket/15277#comment:8>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list