On 20 July 2011 21:11, ilf <ilf_AT_zeromail.org> wrote:
> On 07-20 20:52, garbeam wrote:
>>>
>>> Could the releasers please start providing checksums (or PGP signatures)
>>> for releases?
>>
>> We coped very well without it for many years, why is the lack of md5 files
>> a concern now?
>
> I always wondered if this had been discussed and rejected or just never
> thought about.
>
> Seems pretty helpful for some basic verification. Also seems good practive
> in the FLOSS world. Plus there have been cases of pwned and backdoor'd FLOSS
> repositories/releases.
>
>> Anyhow, I'm fine to create md5 files for all downloadable tar.gz's that
>> you can check the integrity.
>
> Cool! Tough SHA(1|256) seem more reasonable to me. :)
Well, what you get is this from now on:
http://dl.suckless.org/dwm/md5sums.txt
http://dl.suckless.org/dwm/sha1sums.txt
This can also be found in other directories. I hate having a sum file
per tar.gz...
Cheers,
--garbeam
Received on Wed Jul 20 2011 - 22:27:50 CEST
This archive was generated by hypermail 2.2.0 : Wed Jul 20 2011 - 22:36:03 CEST