hash to verify deb and exe?

[ysk3a]

I've noticed that under the release page there was no hash file, only the executables. Does AppFlowy github have a hash file anywhere or would it be possible to add such files under the releases page to verify the download?

[Digital365Staking]

AppFlowy's GitHub releases currently do not include hash files (e.g., SHA-256 or MD5 checksums) alongside the executables. These hash files are essential for verifying the integrity and authenticity of downloaded files to ensure they haven't been tampered with during the download process.

Steps You Can Take:

1. Check the GitHub Issues Page:
   If there isn't already a request for hash files, you could open an issue on the AppFlowy GitHub Issues page to request that they include hash files in future releases. This would help bring attention to the matter, and the development team might add it in future updates.

2. Generate Your Own Hashes:
   As a temporary solution, you can generate the hash of the downloaded file yourself and verify it once an official hash file is provided:

   • On Windows, use PowerShell:

     Get-FileHash -Algorithm SHA256 C:\path\to\file.exe

   • On macOS/Linux, use:

     shasum -a 256 /path/to/file

3. Community Involvement:
   If you're involved with or interested in contributing to AppFlowy’s development, you could even submit a pull request or propose that the release automation process include a hash file generation step.

Why It's Important:

Including hash files (SHA-256 is most common) helps verify that the executable has not been altered or corrupted, providing an additional layer of security for users. Many software projects provide this for their downloads, especially open-source projects where user trust is key.

Would you like help drafting an issue request for this on GitHub?