SHA512SUMs for Firefox 46.0 are useless. Why?
Before Firefox 46.0, I could download the SHA512SUMS file, check its signature with gpg, then use that file to check that the copy of Firefox I was downloading was intact and hadn't been tampered with. I'd even created a script that downloaded the files and checked them for me. There are at least two things wrong with the SHA512SUMS file available for Firefox 46.0:
1. The filenames in it no longer correspond to the filenames on your site. Example: the entry for en-US linux-i686 for 45.0 has this for a filename after the SHA512 sum:
> linux-i686/en-US/firefox-45.0.tar.bz2
which reflects the actual directory and filename that the file is stored as. In contrast, the same entry for firefox 46.0 is:
> firefox-46.0.en-US.linux-i686.tar.bz2
... but the file on your website is still stored in the linux-i686/en-US directory as "forefox-46.0.tar.bz2".
Yes, I could correct for that in my script. But at's annoying, and also there's the second problem:
2. Some files aren't even in the SHA512SUMS file. The Windows files are nowhere to be seen. There's no ".exe" string in the file.
Please tell me this whole thing is an error that will be fixed?
Chosen solution
All Replies (1)
Chosen Solution
hi, please see https://rail.merail.ca/posts/firefox-460-and-sha512sums.html