mamp: update sha256 #180318
mamp: update sha256 #180318
Conversation
|
Please reach out to upstream and ask if this was an intentional change. We need to be sure this was not a malicious act. |
|
hi @p-linnane i'm not sure what you mean with reaching out to upstream. yesterday i tried installing mamp but i was confronted with the following error: but then i'm confronted with the following error: so opening a pr this way felt like the only other way to update the sha256. |
|
Right. I'm asking you to contact the MAMP team and ask if this hash change is expected. Either they reuploaded the release without changing the version, or a malicious actor made changes to the release. We need to understand why the hash changed before we merge this in case it's a security issue. |
|
I opened a ticket in their bug tracker and will report back once I get an update. |
p-linnane
added
the
upstream
It seems like upstream is not aware of any tampering. Both theirs and our checksums can be matched to the latest binaries (not that this proves anything, but they are current): $ find . -type f -exec shasum -a 256 {} \; -exec shasum -a 512 {} \;
2f0c89c0682247c5543706911513af17304bd39d3a324473f8f919acad3a7fdd ./MAMP-MAMP-PRO-7.0-Apple-chip.pkg
d6bef3a4e309aec3a8d0e883a031f95b25be5f615662910d22f990d9c48e1940b4da00dc54b9d468bd0aec229b7553fe19694efe6e7e3923c1c35a5cfe4d33c9 ./MAMP-MAMP-PRO-7.0-Apple-chip.pkg
80b680cb002fdfeccd43bb4de8f73ea071d21544e9a024ffd0bab21eb2e8ecca ./MAMP-MAMP-PRO-7.0-Intel-x86.pkg
cd48bfdfed51dc69378f74c59ec005a3f735042c91e4f1e96bc4d61c4ab362c97bfa2d9d2a5d020213e8f4bab373c6e1e6f460549a8a18df0fc667769c2d581c ./MAMP-MAMP-PRO-7.0-Intel-x86.pkg |
Important: Do not tick a checkbox if you haven’t performed its action. Honesty is indispensable for a smooth review process.
In the following questions
<cask>is the token of the cask you're submitting.After making any changes to a cask, existing or new, verify:
brew audit --cask --online <cask>is error-free.brew style --fix <cask>reports no offenses.