From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Ali Elshishini <shishini@outlook.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#55666: enhancement request - SHA-256 for emacs downloads
Date: Fri, 27 May 2022 11:46:11 +0000
Message-ID: <DM5PR19MB46804F23E0591C7B79C67363DBD89@DM5PR19MB4680.namprd19.prod.outlook.com>
References: <DM5PR19MB4680BF5EC16D15C78F7ABE18DBD99@DM5PR19MB4680.namprd19.prod.outlook.com>
 <875ylr8cmq.fsf@gnus.org>
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="_000_DM5PR19MB46804F23E0591C7B79C67363DBD89DM5PR19MB4680namp_"
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="22852"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: "55666@debbugs.gnu.org" <55666@debbugs.gnu.org>
To: Lars Ingebrigtsen <larsi@gnus.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Fri May 27 16:43:14 2022
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1nubBI-0005hM-Em
	for geb-bug-gnu-emacs@m.gmane-mx.org; Fri, 27 May 2022 16:43:12 +0200
Original-Received: from localhost ([::1]:41846 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1nubBH-0003IG-4q
	for geb-bug-gnu-emacs@m.gmane-mx.org; Fri, 27 May 2022 10:43:11 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:51582)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1nubB8-0003HS-1l
 for bug-gnu-emacs@gnu.org; Fri, 27 May 2022 10:43:02 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43]:41699)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1nubB7-0001Ju-P0
 for bug-gnu-emacs@gnu.org; Fri, 27 May 2022 10:43:01 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1nubB7-00056O-IU
 for bug-gnu-emacs@gnu.org; Fri, 27 May 2022 10:43:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Ali Elshishini <shishini@outlook.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Fri, 27 May 2022 14:43:01 +0000
Resent-Message-ID: <handler.55666.B55666.165366255319576@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 55666
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: wontfix
Original-Received: via spool by 55666-submit@debbugs.gnu.org id=B55666.165366255319576
 (code B ref 55666); Fri, 27 May 2022 14:43:01 +0000
Original-Received: (at 55666) by debbugs.gnu.org; 27 May 2022 14:42:33 +0000
Original-Received: from localhost ([127.0.0.1]:35596 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1nubAd-00055e-Me
 for submit@debbugs.gnu.org; Fri, 27 May 2022 10:42:33 -0400
Original-Received: from mail-dm6nam11olkn2092.outbound.protection.outlook.com
 ([40.92.19.92]:24353 helo=NAM11-DM6-obe.outbound.protection.outlook.com)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <shishini@outlook.com>) id 1nuYQ6-00064u-7U
 for 55666@debbugs.gnu.org; Fri, 27 May 2022 07:46:21 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=VdubIdXOw8rg+9+eKco+ay0XbVr1C6y3wrIIDG7zI2E4zfOWgfLp1t9X6lcFudfGdqHEuTxkto/RF9En7VBd6zz7BSuGJKitYr31DtHf2nn1RquYHw0CZFZyWlDdnJg80+TtiZpk87RrFXlAtYgxPu+w6Oi60Se6YLy607lmzVxa2KoF3QikWQvDblAECw8LgKuhFHMa4taUbmEuSxkLAXdZ9Xr/cZBfONPn0SexLSJqq2Vq/tGxbn8rYy8+/+y70HsKF68mqXK307q8Bcq8Bx1jXOW5aEenv1i2Z8CJGhQAHlsVYUFcZpfTBHnApgSwJzamMlLfF1aZVcOvTuPB3Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=xEOlHV1Ta6x4m8Tc9mROfIymMEglMd8cx/yFO2VPHCg=;
 b=YzcHOgtrREP+nm6teda3vLjM4kcIUbTakDdsoVVDCQ3LIJ7yXVwWjKrimPsVh9xCf1w8qEXrM9ByozyGQTfV/+zk8JejXCoKeNIurBXVpfSQtpav4DxpddtV4Y//m6+IdC9QixpGZ8+qQtL2eFstAdcqD4yOZ+79ZitF2XiE9ikFd8FE6EMFeIeP2HRWqgTuIY0MGEm3q1OXcxOaJ40EcgICdTem+McLW9wH/EopZm7VnOetAlpWF02MUa8O2tdYEBtWdXcjvZnaeMW834+IJ4yVNs4Nwyt1OHsX7qxLaw0KOY0ipyKFEI4gL5uzFmvtZYNa2hyKO4xj5ySDo3150A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=xEOlHV1Ta6x4m8Tc9mROfIymMEglMd8cx/yFO2VPHCg=;
 b=bZyBIlHYNaZ5PA/fTxEgaSPdFxDKGt68OvPclLg1oyssBWvVpSg4P9z2SmwdeuLx1VVcWSgGGsn9yTYRiTRdHpbBjDtt02g4OgpIJVKNAGQMByHUI8j07PvVAN3FTH/3fA63FexTpwK3LAXVuzb8RQuEQR9A9fCY//pribYA5tEgpS7mvbG6mgCYSoAjCTtGRxuO7X0N3x3HAHl9vJoZO2gcEzVGaEU277JW7ovZIW+spBZSPY0TNOPW8RjqpQolCpLLN3T9GvUQAJ3z0uZkWop8ehSLfhScP3fr9eNt8D5EA8+XguzjHDLmntpanYnlBfJieYFPy75QlCXZFwtzRQ==
Original-Received: from DM5PR19MB4680.namprd19.prod.outlook.com (2603:10b6:4:a7::20) by
 DM6PR19MB3321.namprd19.prod.outlook.com (2603:10b6:5:19d::30) with
 Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.5293.15; Fri, 27 May 2022 11:46:11 +0000
Original-Received: from DM5PR19MB4680.namprd19.prod.outlook.com
 ([fe80::dda:60b1:cc25:476d]) by DM5PR19MB4680.namprd19.prod.outlook.com
 ([fe80::dda:60b1:cc25:476d%7]) with mapi id 15.20.5293.013; Fri, 27 May 2022
 11:46:11 +0000
Thread-Topic: bug#55666: enhancement request - SHA-256 for emacs downloads
Thread-Index: AQHYcShLG5y9osb93ki3yxEv0JCLXa0yj2HSgAAKTas=
In-Reply-To: <875ylr8cmq.fsf@gnus.org>
Accept-Language: en-CA, en-US
Content-Language: en-CA
x-ms-exchange-messagesentrepresentingtype: 1
x-tmn: [XlyWVGuMEo2TYolaRFNr/pmFzRsHq5wwwqzkN1Mg0FU=]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 49809133-b48d-4462-999f-08da3fd67f42
x-ms-traffictypediagnostic: DM6PR19MB3321:EE_
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: xl2RmoikBrL88bVkRNlnc1vE/dB1gVTEbh713xHbHYPW+P5NGjJ2rax/EXdeuqlkB62C4bvh8RMWyvHTqTiACyRai4O49g040phMXkPJ4T8JkWkiR5QE+JshAESJe1VYAjU43ESsOFYt/kPM3FTdshi0aQRerMXTLdMGWyUn9gJSECVA4dvLGYgOcbX/Lk6Hp+q4h8/Qh4wd5un18ywgEWiKa1zv01m5exYPriHBcW2aTeEeqfTlpBdiuOMSBz4cGp/epBkQ/hWQ5SshHW/sDY7QnGaAeV5JysmXJMh7AQBS6Q8ZN0tRuUdIgZrOwmBbwOyOMGLSCvcacnMEi8q9/r0sbZmfiGHR6diStSVnKJieNArqQ4EzjBiaLnqa10IGOa58gn6mhwcvOZh5wMbMFFAkitSbCtnfqtioG+pr1Ii7GKE3DoMRSwVd97HcR1Ogy12W3WlI5xeHyEBFPpE2Mq2/bWMjuwep8vpBqknqZyMKp9em6cU2G8CTRbUwpmUtCwN087fo6c+Fc2Q9YK+YOR/P7u1241cw3iOcEbyNg6LCoye1lV7I0S5WtPCp6CJmSPSs8CM8iJAWZ7VciPFBKy8JaaSv8etUxGOOOO35xO1gKQlAIMylHPsEigGpFgq7wYO1sQuX4QeOEnfdSoG894xGjbw1zSxijNM5wrS629Q=
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: qh32t5GkKHi4mPwexGeNNo0BMGxvW8oR3Vs5KuRA+EI/oMuii/uUK723zRRsb3/Jms0f2+lcFmrPnXGkWPn252liCIorvM0N4Q8XKynSD1J/hyuNywSZZCr4R7ALqwN2+F9q98t0J5pPOKAb0LWp/k/PYjwpczrMpgnwNsuqbG1cwEVAwyOqeiPameQrNvdFqV0BPe1VS1uEH9gaymeeoXGghjup6T7vJ8qqVcZ2vI6/ntl/eWtnRQs8fu6GBXnzHOuerORlLZSJcXq+v4z+8EnNGM4BiV+khPvtS/3BOHCRY3/aftvK0vsD8x1EQzYbfZ8KMRqvBPsoKpUzRr2WFEt/7DkB2TRa8R2FWj/KeFpB7tFhnvPpkPP5tTWx/OiyLeaV5YMKrE1F/35njiBrCtuBOwRu0x5jwgU9aXva8Yye5d1BtvysO1UVAaT8rWdrfcY1vTIYCOdfcfyLob3Fme6w5TKzWELBgJ5iaPubbxr04MLrfvWLprD+SjdijvbiqetGKOXmbq3wgC+oVAyCoBdGP3kSk0o9q4oXlu0OGQumxrmInsRZC13vvBmAQRfTGL1+2KEEQOBcWrSWMmbyW/0NJ8TdvtgcjTk5Ke42LcB8A8VEtw2eGuPdVN/aoSLkYAy/MO2zUW8TEatGba9TtatMQVvys3OJVx1PWd87lri3tiss7UF2EL0lRdmDOJ+czoNwv+RfaKg3PNIvO2CcNkmA93lkVweUr+GjyQmlAvjITZwq2tJnoZ2Yky
 BHV4SIE928qsR8m/ztDdcRAFQ1PNzMINyOBE2y5vPznSHRwXeK1AaciwQJo83YCn6ho6d28WIzUSmy2jzVcjj7b3wwjoYoUxlf 
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM5PR19MB4680.namprd19.prod.outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 49809133-b48d-4462-999f-08da3fd67f42
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 May 2022 11:46:11.6656 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR19MB3321
X-Mailman-Approved-At: Fri, 27 May 2022 10:42:30 -0400
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:233210
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/233210>

--_000_DM5PR19MB46804F23E0591C7B79C67363DBD89DM5PR19MB4680namp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

A checksum file (a file containing all checksums) can be included in the ft=
p folders
(each folder can have one checksums file for the files it contains)

This way the web page won't have to be updated with every release

Otherwise if you absolutely can't,  please add clear instructions on  how t=
o verify the downloads using the signatures, I personally tried my best and=
 still failed

Thanks
Ali

Get Outlook for Android<https://aka.ms/AAb9ysg>
________________________________
From: Lars Ingebrigtsen <larsi@gnus.org>
Sent: Friday, May 27, 2022 6:59:25 AM
To: Ali Elshishini <shishini@outlook.com>
Cc: 55666@debbugs.gnu.org <55666@debbugs.gnu.org>
Subject: Re: bug#55666: enhancement request - SHA-256 for emacs downloads

Ali Elshishini <shishini@outlook.com> writes:

> May you please include a list of SHA-256 hashes for the downloads in
> https://www.gnu.org/software/emacs/download.html
>
> This will provide an easy and secure way to verify downloads
> Please note that the experience to verify the signature on windows is ver=
y poor
> and it for me at least ended up with the file nor being verified because =
of missing
> public key
>
> A SHA-256 hash will be a simple solution

That would require people to edit that web page every time they generate
a package, which would be error prone and require too much work of the
people who build the packages.

The packages are signed, which I think should be more than sufficient,
so I'm closing this bug report.

--
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

--_000_DM5PR19MB46804F23E0591C7B79C67363DBD89DM5PR19MB4680namp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body>
<div dir=3D"auto">A checksum file (a file containing all checksums) can be =
included in the ftp folders</div>
<div dir=3D"auto">(each folder can have one checksums file for the files it=
 contains)</div>
<div dir=3D"auto"><br>
</div>
<div dir=3D"auto">This way the web page won't have to be updated with every=
 release&nbsp;</div>
<div dir=3D"auto"><br>
</div>
<div dir=3D"auto">Otherwise if you absolutely can't,&nbsp; please add clear=
 instructions on&nbsp; how to verify the downloads using the signatures, I =
personally tried my best and still failed&nbsp;</div>
<div dir=3D"auto"><br>
</div>
<div dir=3D"auto">Thanks</div>
<div dir=3D"auto">Ali</div>
<div><br>
</div>
<div id=3D"ms-outlook-mobile-signature" dir=3D"auto">Get <a href=3D"https:/=
/aka.ms/AAb9ysg">
Outlook for Android</a></div>
<hr style=3D"display:inline-block;width:98%" tabindex=3D"-1">
<div id=3D"divRplyFwdMsg" dir=3D"ltr"><font face=3D"Calibri, sans-serif" st=
yle=3D"font-size:11pt" color=3D"#000000"><b>From:</b> Lars Ingebrigtsen &lt=
;larsi@gnus.org&gt;<br>
<b>Sent:</b> Friday, May 27, 2022 6:59:25 AM<br>
<b>To:</b> Ali Elshishini &lt;shishini@outlook.com&gt;<br>
<b>Cc:</b> 55666@debbugs.gnu.org &lt;55666@debbugs.gnu.org&gt;<br>
<b>Subject:</b> Re: bug#55666: enhancement request - SHA-256 for emacs down=
loads</font>
<div>&nbsp;</div>
</div>
<div class=3D"BodyFragment"><font size=3D"2"><span style=3D"font-size:11pt;=
">
<div class=3D"PlainText">Ali Elshishini &lt;shishini@outlook.com&gt; writes=
:<br>
<br>
&gt; May you please include a list of SHA-256 hashes for the downloads in <=
br>
&gt; <a href=3D"https://www.gnu.org/software/emacs/download.html">https://w=
ww.gnu.org/software/emacs/download.html</a><br>
&gt;<br>
&gt; This will provide an easy and secure way to verify downloads<br>
&gt; Please note that the experience to verify the signature on windows is =
very poor<br>
&gt; and it for me at least ended up with the file nor being verified becau=
se of missing<br>
&gt; public key <br>
&gt;<br>
&gt; A SHA-256 hash will be a simple solution<br>
<br>
That would require people to edit that web page every time they generate<br=
>
a package, which would be error prone and require too much work of the<br>
people who build the packages.<br>
<br>
The packages are signed, which I think should be more than sufficient,<br>
so I'm closing this bug report.<br>
<br>
-- <br>
(domestic pets only, the antidote for overdose, milk.)<br>
&nbsp;&nbsp; bloggy blog: <a href=3D"http://lars.ingebrigtsen.no">http://la=
rs.ingebrigtsen.no</a><br>
</div>
</span></font></div>
</body>
</html>

--_000_DM5PR19MB46804F23E0591C7B79C67363DBD89DM5PR19MB4680namp_--