@BetterRed Thanks for that link. I had done some searches, but none surfaced that thread. I tried permutations including keywords which appeared in the body of that thread... oh well.
So the issue is SHA256 and some platforms' lack of support, e.g. Vista. Fair enough.
What mechanisms are used to assure the validity of the distributed software on other platforms?
Officially published hashes or detached signatures (e.g. GnuPG) would provide a multiplatform means of validating untampered distributions.
I'm no expert in code signing for Windows; perhaps it's impossible or too inconvenient to sign both SHA1 and SHA256. Nevertheless, I think it's important that all supported platforms are afforded /some/ means to validate their download. I believe the issue is important enough that failing this, one should go so far as to consider such platforms as something like "working--but not officially supported (see reasons *)" at that point.