Eclipse Community Forums: Oomph » Checksum Validation of Installed Packages

Home » Eclipse Projects » Oomph » Checksum Validation of Installed Packages(Validating packages installed by Oomph)

Checksum Validation of Installed Packages [message #1761183]

Mon, 08 May 2017 11:38

Eclipse User

Does the Oomph installer do any automatic validation of the packages it downloads/installs from mirror sites? Or is this something you have to try and implement yourself?

Re: Checksum Validation of Installed Packages [message #1761304 is a reply to message #1761183]

Tue, 09 May 2017 11:03

Eclipse User

Packages that are downloaded are signed, and Eclipse does validate those digital signatures.

Re: Checksum Validation of Installed Packages [message #1761307 is a reply to message #1761304]

Tue, 09 May 2017 11:12

Eclipse User

Oomph does no more or less checking than p2 itself does when you install something into an IDE. All signed artifacts are verified, any before any unsigned artifact is installed, you will be asked if that's okay. So if you unless you install unsigned things, you can be sure you're really installing what you're expecting to be installing.

Re: Checksum Validation of Installed Packages [message #1764494 is a reply to message #1761307]

Tue, 30 May 2017 09:39

Eclipse User

Does it also do any checksum validation, like with the SHA or something else? Or is it just the signature, so that if you're downloading unsigned packages you have no way of knowing whether or not it's what you expect?

Re: Checksum Validation of Installed Packages [message #1764501 is a reply to message #1764494]

Tue, 30 May 2017 10:45

Eclipse User

I suppose unsigned jars could be tampered.

Previous Topic:	CI Testing of Setups
Next Topic:	Adding update repository to Eclipse Installer

Goto Forum:

-=] Back to Top [=-

Current Time: Wed Jul 16 07:44:24 EDT 2025

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter