Add SHA1/SHA256/MD5 hashes for release page jar

Question

Add SHA1/SHA256/MD5 hashes for release page jar

Ghifari160 opened this issue 2 years ago · 2 comments

I don't know how useful it would be to add these hashes given that the jar is uploaded through the build automation but it wouldn't hurt. Given that the detector tool is also a jar, presumably it could be infected? While the hashes wouldn't tell us if the jar was infected before it was uploaded (it's unlikely in the first place), it would tell us if the jar got infected after downloading it to an infected system. It's just an additional warning sign for the worst case scenario.

Answer 1 · 2023-06-08T21:53:33.000Z

Then it would detect itself.

Answer 2 · 2023-06-09T17:25:35.000Z

Yes, assuming you ran a full system scan, the detector will scan itself.