Re: [dev] Checksums and Sig files for release gzip

From: Laslo Hunhold <dev_AT_frign.de>
Date: Sat, 17 Apr 2021 16:30:15 +0200

On Wed, 14 Apr 2021 09:05:01 +0300
Sergey Matveev <stargrave_AT_stargrave.org> wrote:

Dear Sergey,

> If we a talking here about checking software integrity, then speed is
> important. Millions of people check the hash of downloaded files -- if
> it is slow, then huge quantity of time/energy is wasted. Less time you
> spent on hashing, less energy is wasted. SHA2 (and SHA3 too, if we are
> not talking about KangarooTwelve modifications) is the worst choice
> from ecology point of view.

we would save much more energy by banning autohell, Rust, bloated
electron-apps and Qt. Especially autohell is really a huge waste of
time and energy, and I often find that packages take longer to
"configure" (what for?) than to actually compile. Never has configure
ever helped me; it always stood in the way, e.g. when GHC added a
warning a few months ago, breaking all autoconf-checks who assumed that
any output from the compiler was an error.

With best regards

Laslo
Received on Sat Apr 17 2021 - 16:30:15 CEST