Comment 2 for bug 1987673

Yeah, it's probably just a matter of adding the new hash to the whitelist. That said, I feel we should avoid hardcoding hashes when the software can be directly downloaded from the vendor website, especially if a repository is available. Fetching the files via https and therefore validating the source via its CA should be sufficient.