Discuss the 5.2.2 release
Discuss the 5.2.2 release
Discuss the 5.2.2 release here.
You can download the release here.
Mainly a regression-fix release for 5.2.0.
You can download the release here.
Mainly a regression-fix release for 5.2.0.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Discuss the 5.2.2 release
The main page gives October 24th as the release date of 5.2.2, which is a tad confusing. I had to do several double takes!
Edit: Ah, fixed now I see. For others convenience the changelog is here. |
Re: Discuss the 5.2.2 release
Fixed, thank you (and Michal, who pointed it out too).
-
- Posts: 8
- Joined: 12. Mar 2016, 12:01
Re: Discuss the 5.2.2 release
I think the hashes are missing for this release. Would someone upload them?
Thanks.
https://www.virtualbox.org/download/has ... SHA256SUMS
https://www.virtualbox.org/download/has ... .2/MD5SUMS
Thanks.
https://www.virtualbox.org/download/has ... SHA256SUMS
https://www.virtualbox.org/download/has ... .2/MD5SUMS
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: Discuss the 5.2.2 release
The problem is that the checksums that ChipMcK gave are over "http" and people that are checking the checksums want them over "https". And in the Downloads page (which is https) the links to the checksums are broken (the links that halfervirt gave). I've had another complaint over the IRC.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
-
- Posts: 8
- Joined: 12. Mar 2016, 12:01
Re: Discuss the 5.2.2 release
Alright, thanks both. I've upgraded to 5.2.0 for now, and I'll await the 5.2.2 hashes being available over a secure channel.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Discuss the 5.2.2 release
I'm curious why? The hashes have nothing to do with security, they're about checking whether you have a corrupted download, after you suspect same.halfervirt wrote:Alright, thanks both. I've upgraded to 5.2.0 for now, and I'll await the 5.2.2 hashes being available over a secure channel.
On Windows versions at least, security is provided by digital signatures embedded in the executables, including the installer.
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: Discuss the 5.2.2 release
Same on the OSX side about the installer. But I guess that if the download is not from an "https" source, and the SHA256 (minimum) is not available again from an "https" source, some people are having trouble sleeping at nightmpack wrote:On Windows versions at least, security is provided by digital signatures embedded in the executables, including the installer.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Discuss the 5.2.2 release
AFAICS the website shouldn't matter. Even if you got the installer off a guy with a barrow down at the fishmarket, the installer can only pass a digital signature check if the code is untouched since Oracle signed it.
Re: Discuss the 5.2.2 release
You REALLY should know what you're talking about if you've going to dispense security advice to people. In your scenario, you acquire an installer from a stranger at the fishmarket. Now how are you going to verify that it came from Oracle? By trying to open it? Do you see the problem with that?mpack wrote:AFAICS the website shouldn't matter. Even if you got the installer off a guy with a barrow down at the fishmarket, the installer can only pass a digital signature check if the code is untouched since Oracle signed it.
Re: Discuss the 5.2.2 release
Sorry about that, hashes uploaded.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Discuss the 5.2.2 release
I'm speaking as someone who is a developer who digitally signs his own code with a DigiCert EV certificate (requiring a USB key to be present). How about you?Nickna wrote: You REALLY should know what you're talking about if you've going to dispense security advice to people.
By using the signature verification tools provided by your OS. This is what the signature is there for. This does not require you to run the suspect executable. If the code has been modified then the digest hash check will fail. Only Oracle can provide an Oracle signature which passes.Nickna wrote: In your scenario, you acquire an installer from a stranger at the fishmarket. Now how are you going to verify that it came from Oracle? By trying to open it?
Edit: I see that Michael has fixed the hashes problem, and this discussion is off topic (oops), so we had better stop there. |
-
- Posts: 29
- Joined: 26. May 2012, 16:20
- Primary OS: Ubuntu other
- VBox Version: PUEL
- Guest OSses: Host: Linux Mint / Guests: Windows 10 - Win XP - OS/2 Warp 4 - MS-DOS
Re: Discuss the 5.2.2 release
No go. Back to 5.1.30. You still can't use 3D acceleration in a Linux guest.
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: Discuss the 5.2.2 release
@RonSMeyer1
Please don't generalize, not all Linux guests have issues. All of mine are just fine, thank you. If you have a problem with a specific distro/version, please state which one. Don't just throw an "all of them" out there.
Please don't generalize, not all Linux guests have issues. All of mine are just fine, thank you. If you have a problem with a specific distro/version, please state which one. Don't just throw an "all of them" out there.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.