You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the new feature:
Currently, OpenShot Installer and shasum verification are hosted on the same service, under the same repository/user.
Latest as of this request:
github.com/OpenShot/openshot-qt/releases/download/v3.1.1/OpenShot-v3.1.1-x86_64.exe
github.com/OpenShot/openshot-qt/releases/download/v3.1.1/OpenShot-v3.1.1-x86_64.exe.sha256sum.verify
Describe the solution you'd like:
The shasum should be hosted elsewhere, or at least under a different major contributor's account than yours @jonoomph
The text was updated successfully, but these errors were encountered:
Thanks for the suggestion. The only issue is I am the only developer with write access to the OpenShot repos. We have had security issues in the past from other contributors pushing code. While I could move the shasum to a different website (i.e. openshot.org), I'm not sure that really mitigates the threat mentioned here. I will do some research into this. Thanks for the suggestion!
Describe the new feature:
Currently, OpenShot Installer and shasum verification are hosted on the same service, under the same repository/user.
Latest as of this request:
github.com/OpenShot/openshot-qt/releases/download/v3.1.1/OpenShot-v3.1.1-x86_64.exe
github.com/OpenShot/openshot-qt/releases/download/v3.1.1/OpenShot-v3.1.1-x86_64.exe.sha256sum.verify
Describe the solution you'd like:
The shasum should be hosted elsewhere, or at least under a different major contributor's account than yours @jonoomph
The text was updated successfully, but these errors were encountered: