Hi,
I was waiting for update 5.0.1 to replace MM4 as my main day-to-day music player (congratulations on the release!) and noticed that both the regular and debug installer are signed using sha1 which has been deprecated for https encryption and code signing by all major authorities (including the issuer of the cert used by the MM5 installer) a couple of years ago and is not considered safe anymore.
Please note that the actual certificate itself already uses sha384, it's just applied to the installer using digest algorithm sha1. While that's not a immediate dealbreaker I probably wouldn't call it best practice.
The MM5 installer is signed using an outdated algorithm [#18179]
Moderator: Gurus
The MM5 installer is signed using an outdated algorithm [#18179]
Last edited by TIV73 on Sun Aug 01, 2021 12:19 pm, edited 1 time in total.
Re: The MM5 installer is signed using an outdated algorithm
HI,
THX , added as https://www.ventismedia.com/mantis/view.php?id=18179
THX , added as https://www.ventismedia.com/mantis/view.php?id=18179
Best regards,
Peke
MediaMonkey Team lead QA/Tech Support guru
Admin of Free MediaMonkey addon Site HappyMonkeying
How to attach PICTURE/SCREENSHOTS to forum posts
Peke
MediaMonkey Team lead QA/Tech Support guru
Admin of Free MediaMonkey addon Site HappyMonkeying
How to attach PICTURE/SCREENSHOTS to forum posts