SHA256 sums do not match for pycharm-2026.1.4 between download.jetbrains.com and github
I attempted to get some degree of confidence for the integrity of the installer by downloading the SHA256 sum from two different sources.
The checksums do not however match.
https://download.jetbrains.com/python/pycharm-2026.1.4.tar.gz.sha256
returns
448b9f819860fe7f83d6e11d703c984634c37e1f0989ccb3e21d01d644db557b *pycharm-2026.1.4.tar.gz
while https://github.com/JetBrains/intellij-community/releases WebUI gives
sha256:790dc8a5124d1e3b38b4fff2feae654bf83eef67a67287719f4f3ca3dc07ca90
for pycharm-2026.1.4.tar.gz
So I cannot perform even a weak verification of the installer download.
Please sign in to leave a comment.
Hi Eero Aaltonen, both checksums you found are correct. They describe two different builds that unfortunately share a file name.
1) https://download.jetbrains.com/python/pycharm-2026.1.4.tar.gz is the unified PyCharm distribution. It is about 1.2 GB and unpacks to a
pycharm-2026.1.4/directory. Its published checksum is the448b9f81…value you saw2) The
pycharm-2026.1.4.tar.gzasset on https://github.com/JetBrains/intellij-community/releases is a different file: PyCharm Community Edition, built from the open-source code in that repository. It is about 636 MB and unpacks topycharm-community-2026.1.4/. Thesha256:790dc8a5…digest is computed by GitHub for that Community build only. These GitHub builds are published only on GitHub and are not the same artifact as the one on download.jetbrains.com, so their checksums are not expected to match