flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Mclean <jus...@classsoftware.com>
Subject Re: [MENTOR] InstallApacheFlex AIR app related questions
Date Tue, 17 Jul 2012 01:22:55 GMT

>> 2.  The installer downloads the binary distribution of the Apache Flex
>> sdk.  Should the installer programatically verify the downloaded binary
>> file's signature before uncompressing it?
> That is a good idea. If you retrieve a KEYS file (and I'm not sure if that is a good
idea) it must be from a different URL than the Binary.

Initially would a simple MD5/SHA1 hash check be enough? Not sure it's straight forward to
check digital signatures in Flex/AS. Anyone have experience with this?

View raw message