#863 Hash downloads

closed
nobody
None
1
2018-11-16
2018-08-10
No

I suggest that, together with each download, the SHA-256 hash should be provided to allow the user to verify the authenticity of the download.

Discussion

  • MrMe

    MrMe - 2018-08-14

    FYI...MD5 and SHA1 hashes are already there for each file. See the 'details' link to the right of each file. I guess you specifically want to see SHA256 hashes?

     
  • Jony Rosenne

    Jony Rosenne - 2018-08-14

    Sorry, I am looking at https://sourceforge.net/projects/passwordsafe/files/ and cannot see hashes.
    Please point me to them.

     
  • MrMe

    MrMe - 2018-08-14

    For example, see https://sourceforge.net/projects/passwordsafe/files/Windows/3.47.0/ for the latest Windows version files. There is a circle with a lowercase i in it to the right of each file; mouse over and click on it to get the SHA1 and MD5 hash for that file.

     
  • MrMe

    MrMe - 2018-08-14

    The Windows installer executables are also signed. In Windows, once you download the .exe, you can right-click on the .exe file, select Properties and then Digital Signatures, then click on Rony's name in the Signature list and then click the Details button to see that the signature is OK.

     
  • Jony Rosenne

    Jony Rosenne - 2018-08-14

    In this case all there is to do is to put this information in the main download page.

     
  • Rony Shapiro

    Rony Shapiro - 2018-11-16
    • status: open --> closed
     
  • Rony Shapiro

    Rony Shapiro - 2018-11-16

    Hashes are generated by SourceForge; I just check that they're the same as the ones I have on the files I built and uploaded.
    Adding the hashes in another place would be nice, but I'm not going to do this manually for each release, sorry.
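
As an added illustration (not part of the thread and not the project's own tooling), the check described in the last comment, comparing hashes of locally built files with the ones the download host lists, can be scripted, and the same pass can emit a SHA-256 list for publishing. The file names, the `published` mapping and all function names are assumptions, and the sample data is constructed.

```python
import hashlib
import os
import tempfile

def file_digests(path, algorithms, chunk_size=1 << 20):
    """Stream the file once; return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def check_release(build_dir, published):
    """published: {filename: {algorithm: hex digest}} as listed by the host.
    Returns {filename: "ok" | "missing" | "mismatch:<algorithms>"}."""
    report = {}
    for name, expected in sorted(published.items()):
        path = os.path.join(build_dir, name)
        if not os.path.isfile(path):
            report[name] = "missing"
            continue
        actual = file_digests(path, tuple(expected))
        # Normalise case and whitespace of the copied value before comparing.
        bad = [alg for alg, want in expected.items()
               if actual[alg] != want.strip().lower()]
        report[name] = "mismatch:" + ",".join(sorted(bad)) if bad else "ok"
    return report

def sha256sums(build_dir):
    """sha256sum-style lines for every file in build_dir, for publishing."""
    names = sorted(n for n in os.listdir(build_dir)
                   if os.path.isfile(os.path.join(build_dir, n)))
    return [f"{file_digests(os.path.join(build_dir, n), ['sha256'])['sha256']}  {n}"
            for n in names]

def demo():
    """Constructed sample: two fake artifacts; one listed hash is wrong on purpose."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("a.exe", b"constructed A"), ("b.zip", b"constructed B")):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        published = {
            "a.exe": {"sha1": hashlib.sha1(b"constructed A").hexdigest()},
            "b.zip": {"sha1": hashlib.sha1(b"something else").hexdigest()},
            "c.msi": {"md5": "0" * 32},  # listed by the host but not built locally
        }
        return check_release(d, published), sha256sums(d)
```

A hash list published on the same host as the files only detects corruption or a swapped file on a mirror; the Authenticode signature mentioned earlier in the thread is what ties the installer to its publisher.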

     
