Re: [dev] dmenu-4.4

From: ilf <>
Date: Wed, 20 Jul 2011 21:11:38 +0200

On 07-20 20:52, garbeam wrote:
>> Could the releasers please start providing checksums (or PGP signatures) for
>> releases?
> We coped very well without it for many years, why is the lack of md5
> files a concern now?

I always wondered if this had been discussed and rejected or just never
thought about.

Seems pretty helpful for some basic verification. Also seems good
practive in the FLOSS world. Plus there have been cases of pwned and
backdoor'd FLOSS repositories/releases.

> Anyhow, I'm fine to create md5 files for all downloadable tar.gz's
> that you can check the integrity.

Cool! Tough SHA(1|256) seem more reasonable to me. :)

Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
		-- Eine Initiative des Bundesamtes für Tastaturbenutzung

Received on Wed Jul 20 2011 - 21:11:38 CEST

This archive was generated by hypermail 2.2.0 : Wed Jul 20 2011 - 21:24:02 CEST