[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] use SHA-2 family hash for releases

From: Andreas Stieger <Andreas.Stieger_at_gmx.de>
Date: Fri, 24 Feb 2017 13:45:27 +0100

Hello,

> > Should we keep generating both .sha1 and .sha512 for a transition
> > period?
> >
> IMO this would make sense. At least on Windows there are still several
> tools to verify file integrity which don't support SHA-512 just yet (one
> example [1]). Might pose another burden for some users to verify the
> package integrity (which on Windows isn't a functionality build directly
> into the OS unfortunately).

Not opposed to doing both. Just noting that after reading release.sh, it would seem that the .sha1 is primarily used to double check successful upload and publishing. User verification seems to be a secondary purpose, not least since we publish OpenPGP signatures on the full tarballs anyway.

Andreas
Received on 2017-02-24 13:45:34 CET

This is an archived mail posted to the Subversion Dev mailing list.