[
https://issues.apache.org/jira/browse/FLEX-33150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13427251#comment-13427251
]
Erik de Bruin commented on FLEX-33150:
--------------------------------------
I've updated my contribution.
Note: this solution is now part of my 'mega-patch', attached to FLEX-33106. I
have removed all my other patches. I was getting my patches crossed, and as the
Ghostbusters noted: "Don't cross the patches… It would be bad… Try to imagine
all life as you know it stopping instantaneously and every molecule in your
body exploding at the speed of light." ;-)
> Progamatically verify the MD5 hash of the downloaded Apache Flex SDK
> --------------------------------------------------------------------
>
> Key: FLEX-33150
> URL: https://issues.apache.org/jira/browse/FLEX-33150
> Project: Apache Flex
> Issue Type: Sub-task
> Reporter: OmPrakash Muppirala
> Assignee: Bertrand Delacretaz
> Priority: Blocker
>
> >>>4. The installer app needs to programatically verify the downloaded
> >>>flex
> >> >binaries' signatures. I have very little experience with crypto
> >> >algorithms. Can someone take this up? Even if someone can explain the
> >> >steps to do this, I can get it done.
> >>
> >> Are you going to check the signature (.asc) or the checksum (.md5)? I'm
> >> sure the later is much easier.
> >>
> >>
> >.md5 it is, then ;-) As I said, I dont know how to go about doing this
> >(yet) I will do some research on this when I get a chance.
> It looks like com.adobe.com.crypto.MD5Stream in
> https://github.com/mikechambers/as3corelib will do what you need. It has
> a BSD license so we can use it with no issues.
> Mail discussion thread:
> http://markmail.org/message/czqpeetkjart3ei6
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
