[
https://issues.apache.org/jira/browse/FLEX-33150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13426835#comment-13426835
]
OmPrakash Muppirala commented on FLEX-33150:
--------------------------------------------
Erik,
Thanks a lot for working on this. I havent tried your code yet. Will do it
tonight.
I prefer to keep the hash verification mandatory. Compared to the overall
download times, the ~150 seconds should not be too much of an addition.
> Progamatically verify the MD5 hash of the downloaded Apache Flex SDK
> --------------------------------------------------------------------
>
> Key: FLEX-33150
> URL: https://issues.apache.org/jira/browse/FLEX-33150
> Project: Apache Flex
> Issue Type: Sub-task
> Reporter: OmPrakash Muppirala
> Assignee: Bertrand Delacretaz
> Priority: Blocker
> Attachments: InstallApacheFlex_Patch_EdB_MD5_2012-08-01.txt
>
>
> >>>4. The installer app needs to programatically verify the downloaded
> >>>flex
> >> >binaries' signatures. I have very little experience with crypto
> >> >algorithms. Can someone take this up? Even if someone can explain the
> >> >steps to do this, I can get it done.
> >>
> >> Are you going to check the signature (.asc) or the checksum (.md5)? I'm
> >> sure the later is much easier.
> >>
> >>
> >.md5 it is, then ;-) As I said, I dont know how to go about doing this
> >(yet) I will do some research on this when I get a chance.
> It looks like com.adobe.com.crypto.MD5Stream in
> https://github.com/mikechambers/as3corelib will do what you need. It has
> a BSD license so we can use it with no issues.
> Mail discussion thread:
> http://markmail.org/message/czqpeetkjart3ei6
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
