X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=doc%2Ffaq.but;h=e2e2374207a62e23632c74de93cdaeaffa0c69a8;hb=9f9d72ec58642e91b4f93ee4405a8086ee2fb2f0;hp=25a849b739426a824d4c2a7b8e5b44e8d72fa0e8;hpb=4d8782e74fed043fdf549718f99494622fe9e79b;p=PuTTY.git

diff --git a/doc/faq.but b/doc/faq.but
index 25a849b7..e2e23742 100644
--- a/doc/faq.but
+++ b/doc/faq.but
@@ -63,6 +63,9 @@ files into PuTTY's format.
 
 Yes. SSH-1 support has always been available in PuTTY.
 
+However, the SSH-1 protocol has many weaknesses and is no longer
+considered secure; it should be avoided if at all possible.
+
 \S{faq-localecho}{Question} Does PuTTY support \i{local echo}?
 
 Yes. Version 0.52 has proper support for local echo.
@@ -160,7 +163,7 @@ the wrong solution and we will not do it.
 
 If you have host keys available in the common \i\c{known_hosts} format,
 we have a script called 
-\W{http://svn.tartarus.org/sgt/putty/contrib/kh2reg.py?view=markup}\c{kh2reg.py}
+\W{http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=blob;f=contrib/kh2reg.py;hb=HEAD}\c{kh2reg.py}
 to convert them to a Windows .REG file, which can be installed ahead of
 time by double-clicking or using \c{REGEDIT}.
 
@@ -1187,7 +1190,7 @@ Partly, because we don't want to move the web site location (see
 Also, security reasons. PuTTY is a security product, and as such it
 is particularly important to guard the code and the web site against
 unauthorised modifications which might introduce subtle security
-flaws. Therefore, we prefer that the Subversion repository, web site and
+flaws. Therefore, we prefer that the Git repository, web site and
 FTP site remain where they are, under the direct control of system
 administrators we know and trust personally, rather than being run
 by a large organisation full of people we've never met and which is
@@ -1487,6 +1490,38 @@ suppliers so that it clearly distinguishes paid vendors who know about
 you from free software developers who don't have any idea who you are.
 Then, only send out these mass mailings to the former.
 
+\S{faq-checksums}{Question} The \c{sha1sums} / \c{sha256sums} / etc
+files on your download page don't match the binaries.
+
+People report this every so often, and usually the reason turns out to
+be that they've matched up the wrong checksums file with the wrong
+binaries.
+
+The PuTTY download page contains more than one version of the
+software. There's a \e{latest release} version; there are the
+\e{development snapshots}; and when we're in the run-up to making a
+release, there are also \e{pre-release} builds of the upcoming new
+version. Each one has its own collection of binaries, and its own
+collection of checksums files to go with them.
+
+So if you've downloaded the release version of the actual program, you
+need the release version of the checksums too, otherwise you will see
+a mismatch. Similarly, the development snapshot binaries go with the
+development snapshot checksums, and so on. (We've colour-coded the
+download page in an effort to reduce this confusion a bit.)
+
+If you have double-checked that, and you still think there's a real
+mismatch, then please send us a report carefully quoting everything
+relevant:
+
+\b the exact URL you got your binary from
+
+\b the checksum of the binary after you downloaded
+
+\b the exact URL you got your checksums file from
+
+\b the checksum that file says the binary should have.
+
 \H{faq-misc} Miscellaneous questions
 
 \S{faq-openssh}{Question} Is PuTTY a port of \i{OpenSSH}, or based on