On 6/2/15, 6:47 PM, "Chris Martin" <chrsm...@outlook.com> wrote:
>Not too familiar with the provenance of the MD5Checker or why we have to >generate our own hashes, so please forgive me if this is a “already >known" question 😊 Does adobe and Google host the expected MD5 hashes for >the artifacts that we download from them? If so, would it be possible to >check against that rather than our own generated hash? That way as they >update them, we will know the right hash to check against. > Ah, I should have added that to the background info. Adobe does not provide hashes for the AIR and Flash downloads and my most recent attempt to get it to happen died in the bureaucracy. In fact only the Apache downloads provide hashes in a programmatically retrievable way. Everybody else doesn’t supply them or it is buried inside an HTML page. I think the reason for that is that most folks manually download and unzip a package and if that zip blows up, they just download again. But when running the installer, it isn’t quite as obvious that there is a sequence of downloads that have to succeed and a zip failure that kills the Ant script just isn’t a friendly experience. So we have a higher need for a checksum than the suppliers do. -Alex
