https://bugs.winehq.org/show_bug.cgi?id=47966
Artem S. Tashkinov aros@gmx.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|UNCONFIRMED |RESOLVED
--- Comment #4 from Artem S. Tashkinov aros@gmx.com --- (In reply to Rosanne DiMesio from comment #3)
Artem,
Are you talking about the source tarballs or the WineHQ binary packages? Because the sha256sums for the latter are already published. The Debian/Ubuntu ones are in the Packages files in the various subdirectories and the Fedora ones are in the primary.xml.gz files in the repodata subdirectories.
I'm talking about source packages (tar/tar.xz). Distro binary packages are already signed for the distros which use signature verification.
Let's see:
https://www.winehq.org/announce/5.0-rc2 - no hash sum.
https://wiki.winehq.org/Download - no hash sum.
https://dl.winehq.org/wine/source/5.0/ - OK we've got a sign file which probably solves the case but still it won't hurt having hash sums published along downloads as well.
Anyways I'm closing this bug report not to waste anyone's time.