Bug 61397 - Built-in signature verification support
Summary: Built-in signature verification support
Status: RESOLVED FIXED
Alias: None
Product: kget
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: Gentoo Packages Linux
: NOR wishlist
Target Milestone: ---
Assignee: KGet authors
URL:
Keywords:
: 150447 (view as bug list)
Depends on:
Blocks:
 
Reported: 2003-07-18 16:14 UTC by Paul Eggleton
Modified: 2009-11-10 00:23 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Paul Eggleton 2003-07-18 16:14:37 UTC
Version:            (using KDE KDE 3.1.2)
Installed from:    Gentoo Packages
OS:          Linux

It would be useful if KGet had an optional feature to check for and verify downloads against PGP signatures or md5sums if they are available at the same location as the downloaded file. (Perhaps this would need to be enabled on a per-site basis, or per-filetype, to avoid too many unnecessary requests?)
Comment 1 Ant Bryan 2006-10-10 19:06:06 UTC
*** This bug has been confirmed by popular vote. ***
Comment 2 Ant Bryan 2006-10-10 19:08:18 UTC
Once metalink (http://bugs.kde.org/show_bug.cgi?id=124010) is supported, KGet can use the checksums/hashes and PGP signatures included there.

    <verification>
      <hash type="md5">example-md5-hash</hash>
      <hash type="sha1">example-sha1-hash</hash>
      <hash type="pgp"/>
    </verification>
Comment 3 Urs Wolfer 2008-01-26 19:36:40 UTC
*** Bug 150447 has been marked as a duplicate of this bug. ***
Comment 4 Ant Bryan 2008-10-31 04:57:51 UTC
http://mirrorbrain.org/news_items/metalinks_now_with_PGP_signatures

Metalinks from openSUSE now contain PGP signatures, along with full file and partial file checksums.

It would be great if KGet verified checksums, and automated integrated signature verification w/ Kgpg somehow.
Comment 5 Matthias Fuchs 2009-11-10 00:23:33 UTC
Added signature-verifying support to trunk (I added checksum-verifying support a few months ago).