On 07-20 20:52, garbeam wrote:
>> Could the releasers please start providing checksums (or PGP signatures) for
>> releases?
> We coped very well without it for many years, why is the lack of md5
> files a concern now?
I always wondered if this had been discussed and rejected or just never
thought about.
Seems pretty helpful for some basic verification. Also seems good
practive in the FLOSS world. Plus there have been cases of pwned and
backdoor'd FLOSS repositories/releases.
> Anyhow, I'm fine to create md5 files for all downloadable tar.gz's
> that you can check the integrity.
Cool! Tough SHA(1|256) seem more reasonable to me. :)
-- ilf Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg! -- Eine Initiative des Bundesamtes für Tastaturbenutzung
This archive was generated by hypermail 2.2.0 : Wed Jul 20 2011 - 21:24:02 CEST