Hello from Bangalore, India. I am a mechanical engineer working on diesel engine structural durability and combustion simulation.
Welcome @sheth! Nice to meet you. Feel free to share or ask anything.
Thanks @Didac - had an important question about possible download location:
@Didac - not allowed to download from Github at my workplace! Any other alternative?
Oops, I read you wrong, sorry.
Well, in this situation what matters is that the image you download from the Internet is really the image you want to download.
That is why you must check that the hash matches the image you want to download, wherever it is or whoever provides it to you. With that, the security team should rest easy, I guess!
So, in the url
You can find the SHA256SUMS.txt file:
With this content:
b5c6197641f84b53ef739cb37dd8bfe291cbafdc4a415b435ef226098b1b40fb Logseq-darwin-arm64-0.8.10.dmg aa67771e6a6fdd7c0e4c2f3ca6af1285512d1da85eb497534e268e2a7fddad8a Logseq-darwin-arm64-0.8.10.zip 49568613f3fcc2c65fff9ed1796c7f24a4dcfd2d462cf5010710136bcc6361bc Logseq-darwin-x64-0.8.10.dmg e7dcd4b97d94482b91998a1288fb63ede859e9bd22a19cfa9d85a6909534e005 Logseq-darwin-x64-0.8.10.zip 637dab248e9aebc7309d0bb93d56a1e503c8f1a63079c869a4275fd24a4a0e69 Logseq-win-x64-0.8.10-full.nupkg 670ac503f6b03fc29d66f63e875bf237561afead80d0db49380d20388e021ccd Logseq-win-x64-0.8.10.exe 9fab9132457ff94d8cd3f163409c742c80c681e217e93639f23dacc1e4a695b7 Logseq-linux-x64-0.8.10.AppImage a1d6be9e472129b9598a04fecaf945095292f91c93b8f88af839510b5a3ff3a9 Logseq-linux-x64-0.8.10.zip d1a036a3f87c339311206b74a6a995afa705a41c25b66e78b2a5a0918771cf93 Logseq-android-0.8.10.apk 298a3456462f92b3d381758de436db9ae2ba337a2fe9a10071bdafeea0f47895 RELEASES
When you download a file you can check that it’s checksum it’s the same as in that list, so they is no changes in the file (or yes, if it’s different!)
You can easily find a tool for that on windows, I guess.
If you don’t want your work IP in the github’s logs, there are different options to avoid that.
- use an VPN
- use Tor
- use VPN + Tor
- go to an other place and download from there to a storage like a pendrive
- make a ssh tunnel
- ask someone to upload it to an available url to you.
The security team suggests no .exe will come from github source. the download link has to come from logseq.com. [Apologies - they are adamant - no github! Also adamant it has to be
It will be the most elegant, but you still have to check the checksum, as always.
Because that is what’s meter, not the origin, unless you want it to be registered expressly in the logs for some reason.
OK, If I am understanding correctly, it is not a question of logs or access, but a question of trust. I don’t know if the logseq servers already host any releases, but if this is not the case, thinking about this, I think that asking them to do so is not asking too little, but perhaps this solution could give you the confidence or guarantee you need:
To ask the sysadmins of logseq.com that the txt of the checksums of the releases published on github, were also published in a URL that hangs from the logseq.com domain, which would be easily automatable and would not cost any resources.
I would like add that Im having a similar issue to OP with my workplace IT department not allowing logseq because it does not follow the usual “trustable” source they are used to.
Its probably a good policy to have for a large global company.
Is it posssible to provide an .exe file on your domain?
In parallel, perhaps it is a good idea to also send this request to:
- hi at logseq dot com
- tiensonqin at gmail dot com
Done! sent the email.