Sha 256 or 512 to verify the download

[frao0]

Hi all,

I tried to look for it in the forum and wiki but did not find any answer. I am a macOS user and when I download the love.app file macOS says that is not safe.

I read that there are the workaround but before applying them, would be possible to have a signature from the developer that can certify the validity of the file?
This is very common for example in Linux so that when you download a programme that is not in the PPA you can verify the sha and if it matches with the one provided by the developer, most like the programme is authentic.

This is an example of what I mean: shasum -a 256 /path/to/file - and if the result matches the one provided by the author of love2d, we are sure that we can allow the software without any risk.

I am not an IT expert so please forgive me if I am writing nonsense but I think this should be possible.

Thank you for the help!

[BrotSagtMist]

Yea you are misreading that part, at least for linux.
Checksums are meant to check for data integrety, they tell you if the file was properly transferred or if your drive is broken.
Theoretically speaking if someone is able to pitch a compromissed program file they are 100% also able to pitch a modified checksum with it so the thing is kinda pointless security wise.
Thats another reason we have repos for distributing programs.

What you probably meant are developer signatures for _trusted_ stuff. Totally different thing.
Not very sensible either, who cares if the no game screen has a warning anyway?

[frao0]

Hey BrotSagtMist, thanks for the reply. alright, got it! so the checksum won't change anything regarding the "risks" of installing the software. thank you!