-
All replies
-
Helpful answers
-
Apr 10, 2015 11:07 AM in response to drrtybylby Kurt Lang,If you download the file directly from Apple, why do you feel you need to know this?
-
-
Apr 10, 2015 11:17 AM in response to drrtybylby etresoft,drrtybyl wrote:
Download integrity verification
This is Apple, not Linux. You trust Apple and hope they don't install a privilege escalation vulnerability or skip verification of security certificates.
-
Apr 10, 2015 11:22 AM in response to drrtybylby Kurt Lang,You're not downloading the file from a collective of open source programmers. This is Apple, and they will make da** sure the files you get from them are clean. The only way they wouldn't pass an integrity check is if the file were damaged during a download. And the OS will inform you of that when it does its own check of the .dmg file when you open it.
-
Apr 10, 2015 11:23 AM in response to etresoftby drrtybyl,Yes, but files can be incomplete, malformed or altered during transfer.
Mac OS X: How to verify a SHA-1 digest - Apple Support
This article implies that the App Store performs this same verification. Inclusion of an SHA1 digest would helpful, why has Apple not included one for this download while it has for other update installers?
-
Apr 10, 2015 12:48 PM in response to drrtybylby etresoft,Yes. People have brought up that article before under similar circumstances.
Perhaps you didn't get my joke originally. It wasn't a joke. Your files may very well be incomplete, malformed, or altered during transfer. All you can do is hope that doesn't happen. Apple doesn't always provide checksums and even when they do, they don't always match.