Nico Rehwaldt

Thanks for filing this issue. Could you elaborate on why exactly you need the checksums? Why would you need to verify it?

You are downloading end-to-end encrypted via HTTPS, right? How should a malicious release sneak into the download process?

Thanks for clarifying. That is a valid concern. If an attacker is able able to manipulate the downloaded artifact, what keeps her from manipulating the provided checksums though?

As a side note you may download the tagged artifacts from GitHub directly, too: https://github.com/camunda/camunda-modeler/releases.

Thanks for the additional details. I'm queuing this in backlog for now. > The way I verified the artifacts from last release was by downloading from both github.com and camunda.com,...

@harridu Can you build the tool locally yourself, you could check if https://github.com/camunda/camunda-modeler/pull/5112 indeed fixes the issue? ```sh git clone [email protected]:camunda/camunda-modeler.git cd camunda-modeler git checkout renovate/electron-37.x npm run all dist/linux-unpacked/camunda-modeler...

Related issue in `feelin` (FEEL JS) - https://github.com/nikku/feelin/issues/71 @saig0 https://github.com/camunda/feel-scala/issues/864#issuecomment-2188837091 I subscribe to your analysis. What would probably help us (and this is [on my todo list](https://github.com/nikku/feelin/issues/71#issuecomment-2096750349)) is to assert...

@philippfromme Can you reproduce this on Windows with v5.20.0, if not then let's close this as cannot reproduce?

This is likely due to our single instance behavior on Windows. I add `spring cleaning` to review it and see if there is ways how we can get rid of...

Cf. Linux: I cannot reproduce it in my setup; it would be obvious with my tiling window manager in place: