On 4/23/2026 13:27, Oliver Kiddle wrote:
Clinton Bunch wrote:The browser police have gotten very strict and corporate oriented they flag things as phishing or malware very easily nowadays and one of their red flags is an absence of modern chksums and when they do they put upI've added the SHA256SUM files as per your instructions. Is rather silly given that the MD5 checksums are there to detect bitflips and corruption rather than any security or malware. I can't say I've seen any such flags but then I only use firefox or librewolf and set browser.safebrowsing.enabled to false to stop it contacting google addresses. Files on the mirrors are GPG signed for the security- conscious. That may not be the modern approach either these days with alternatives like sigstore. I've left the MD5SUM files there too for now. May not be a good idea to purge them too quickly - perhaps they can go when we've got a new release to upload. Etc/creating-a-release.txt makes no mention of updating the MD5SUM files.They also don't like bare apache auto index pages.Not a lot we can do about the mirrors, not that there are many anymore (and I've just removed the one that was reported as broken). The primary site uses nginx rather than apache. The auto index can perhaps be customised somewhat. That may help if you have suggestions on how to do it. Oliver
Here's a sample nginx.conf and a .mirror-theme directory for a zsh theme.
Attachment:
zsh.nginx.theme.tar.xz
Description: application/compressed