-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/09/2010 12:32 AM, PeterS wrote: > Hi a.l.e., > >> reality check... they can't have the same checksum... >> ... and you should probably get the checksums from the scribus website... > >> ciao >> a.l.e > > > thank you very much for your kind answer, but that's exactly why I am > asking > my question here ;-) > Did you read the entire text? See below... > > >> before installing Scribus 1.3.9 I'd like to do a checksum >> verification for scribus-1.3.9-win32-install.exe downloaded from >> sourceforge.net >> (http://sourceforge.net/projects/scribus/files/scribus-devel/1.3.9/) >> >> http://www.scribus.net/node/233 only mentions the *source* >> verification checksums. >> >> chip.eu (don't know if they are trustworthy, the entries seem to be >> provided by the users rather than being an editorial choice) have the >> checksum "631EFECF7BE8C93B5CBE47F9D8B54071" for *both* 1.3.8 and >> 1.3.9.
Hi, Here are the sha1sums for the *sources*: 86bc4db2d8fbb91fe94f8535327991e9128c5862 scribus-1.3.9.tar.bz2 3a13eaddb8124a5b6e201fb61b57d2525e679def scribus-1.3.9.7z In addition, I will upload the gpg signatures to the sourceforge download page. As for the Windows binaries, I think there is some mechanism in the NSIS installer which can detect tampering, but I need to look into this further. All the rpms and debs packaged by the team also are signed by the package build system. Cheers, Peter -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAk0A7oYACgkQ73uV5/YBZtpdFwCgs/xkggqADG+lJ0lj5xZdk0AW WvYAn3o7d0MuQe9k7SnpNK+t1hprktzu =71FY -----END PGP SIGNATURE-----
