My softwares (made with Xojo) are on my website (a subdomain) host by Ionos.
Toroco Softwares
In the past I own another website host by Orange but they stopped websites. I did put the SHA-256 Checksum of my applications on this other website, now I put them on my website (the same which contains my softwares).
I think it is better to put the checksums on another website.
Is it better or useless? If better, would someone be agree to give me a subdomains on his host and I would do the same for him. It is just to put our CheckSums.
I don’t understand the question at all. Have you checked your Google Analytics if anyone opens the extra pages for the SHA at all?
I don’t know what’s Google Analytics and how to use it, but when I upload a new ZIP of a new version of software and I forget to uptodate the corresponding checksum, some people write me to ask if it’s a problem or if I forgot.
You question should not be a question. If you have 2 websites, where yours apps are publicized, and you publicized the expected file hashes, both sites should reflect the same hashes for “whatever app 1.3” for example. Logically if one site is behind with whatever1.3, and the other has whatever1.4, your customers will understand they are not the same and the hashes will differ.
Either you have an entry “update hashes” in your list for making releases or you can try to make the change automatically. The less steps your release has the better.
I think I’m not clear in my question. I generate my checksums without problem. The checksums are useful to the user to check if the file downloaded is not corrupt and to be sure another person didn’t hack the website and modified the application added it a virus. If the hacker hack the website, he can re-generate the checksum of the zip of the application he corrupted. But if the checksum is on another website, the hacker has to hack the other website to modify the checksum.
How your users will now that they need to look at another website for the checksum? by clicking a link on the download page?
If someone hack the website to change the download file, they can change the link to the checksum too.
Ahhh yes, that’s true.