Aaron Griffin wrote:
On Thu, Nov 6, 2008 at 9:37 AM, Thayer Williams <thayer@archlinux.org> wrote:
On Thu, Nov 6, 2008 at 7:28 AM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
On Thu, Nov 6, 2008 at 12:35 AM, Thayer Williams <thayer@archlinux.org> wrote:
Tonight I noticed the presence of sha1sums in a couple of PKGBUILDs I adopted. Are we adopting a new policy toward sha1sums? Did I miss the memo?
Which packages? I think it's technically fine as long as the md5sums are still there. If it's just sha1sums then I think the previous maintainer may have been feeling frisky
They did contain both types of hashes...I believe it was streamripper and numlockx. So it was just a case of someone thinking of future validation methods?
Well, I believe makepkg checks both if they both exist. It was someone being absolutely certain that the file is what we say it is 8)
In fact you can have all of md5, sha1, sha256, sha384 and sha512 sums and they will all be checked by makepkg.