Sha 256 or 512 to verify the download

Questions about the LÖVE API, installing LÖVE and other support related questions go here.
Forum rules
Before you make a thread asking for help, read this.
Post Reply
frao0
Prole
Posts: 2
Joined: Sat Nov 23, 2024 4:07 pm

Sha 256 or 512 to verify the download

Post by frao0 »

Hi all,

I tried to look for it in the forum and wiki but did not find any answer. I am a macOS user and when I download the love.app file macOS says that is not safe.

I read that there are the workaround but before applying them, would be possible to have a signature from the developer that can certify the validity of the file?
This is very common for example in Linux so that when you download a programme that is not in the PPA you can verify the sha and if it matches with the one provided by the developer, most like the programme is authentic.

This is an example of what I mean: shasum -a 256 /path/to/file - and if the result matches the one provided by the author of love2d, we are sure that we can allow the software without any risk.

I am not an IT expert so please forgive me if I am writing nonsense but I think this should be possible.

Thank you for the help!
User avatar
BrotSagtMist
Party member
Posts: 659
Joined: Fri Aug 06, 2021 10:30 pm

Re: Sha 256 or 512 to verify the download

Post by BrotSagtMist »

Yea you are misreading that part, at least for linux.
Checksums are meant to check for data integrety, they tell you if the file was properly transferred or if your drive is broken.
Theoretically speaking if someone is able to pitch a compromissed program file they are 100% also able to pitch a modified checksum with it so the thing is kinda pointless security wise.
Thats another reason we have repos for distributing programs.

What you probably meant are developer signatures for _trusted_ stuff. Totally different thing.
Not very sensible either, who cares if the no game screen has a warning anyway?
obey
frao0
Prole
Posts: 2
Joined: Sat Nov 23, 2024 4:07 pm

Re: Sha 256 or 512 to verify the download

Post by frao0 »

Hey BrotSagtMist, thanks for the reply. alright, got it! so the checksum won't change anything regarding the "risks" of installing the software. thank you!
Post Reply

Who is online

Users browsing this forum: Google [Bot] and 12 guests