Where are the md5sums and SHA1 downloads kept to verify file integrity?
Thank you
You want MD5's for the distribution packages? Or for each file in the package? I think this would be somewhat redundant for the .zip and .dmg packages because I think they already contain their own checksums. I'm not sure about the .gz though, but if it expands without errors can't you be fairly certain that it is OK?
- Phil
I'm mostly interested in verifying, to a small extent, that I might not be downloading a trojan version. In other words, I'd like some additional assurance that someone else has not uploaded a malicious version for others to download.
Just make sure you download from the ExifTool web site and you should be OK as far as trojans go. If someone figures out how to hack the ExifTool site and upload a fake distribution then they could just as easily upload a new md5/sha1 file, so a checksum file won't guarantee a clean distribution.
I wouldn't trust any other source 100% (except CPAN, but that's just the Unix distribution).
- Phil
But since you asked, I have generated a file that contains the checksums:
https://exiftool.org/checksums.txt
This will be updated with each new distribution.
- Phil