[arch-dev-public] sha1sums in PKGBUILDs
Tonight I noticed the presence of sha1sums in a couple of PKGBUILDs I adopted. Are we adopting a new policy toward sha1sums? Did I miss the memo?
On Thu, Nov 6, 2008 at 12:35 AM, Thayer Williams <thayer@archlinux.org> wrote:
Tonight I noticed the presence of sha1sums in a couple of PKGBUILDs I adopted. Are we adopting a new policy toward sha1sums? Did I miss the memo?
Which packages? I think it's technically fine as long as the md5sums are still there. If it's just sha1sums then I think the previous maintainer may have been feeling frisky
On Thu, Nov 6, 2008 at 7:28 AM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
On Thu, Nov 6, 2008 at 12:35 AM, Thayer Williams <thayer@archlinux.org> wrote:
Tonight I noticed the presence of sha1sums in a couple of PKGBUILDs I adopted. Are we adopting a new policy toward sha1sums? Did I miss the memo?
Which packages? I think it's technically fine as long as the md5sums are still there. If it's just sha1sums then I think the previous maintainer may have been feeling frisky
They did contain both types of hashes...I believe it was streamripper and numlockx. So it was just a case of someone thinking of future validation methods?
On Thu, Nov 6, 2008 at 9:37 AM, Thayer Williams <thayer@archlinux.org> wrote:
On Thu, Nov 6, 2008 at 7:28 AM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
On Thu, Nov 6, 2008 at 12:35 AM, Thayer Williams <thayer@archlinux.org> wrote:
Tonight I noticed the presence of sha1sums in a couple of PKGBUILDs I adopted. Are we adopting a new policy toward sha1sums? Did I miss the memo?
Which packages? I think it's technically fine as long as the md5sums are still there. If it's just sha1sums then I think the previous maintainer may have been feeling frisky
They did contain both types of hashes...I believe it was streamripper and numlockx. So it was just a case of someone thinking of future validation methods?
Well, I believe makepkg checks both if they both exist. It was someone being absolutely certain that the file is what we say it is 8)
Aaron Griffin wrote:
On Thu, Nov 6, 2008 at 9:37 AM, Thayer Williams <thayer@archlinux.org> wrote:
On Thu, Nov 6, 2008 at 7:28 AM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
On Thu, Nov 6, 2008 at 12:35 AM, Thayer Williams <thayer@archlinux.org> wrote:
Tonight I noticed the presence of sha1sums in a couple of PKGBUILDs I adopted. Are we adopting a new policy toward sha1sums? Did I miss the memo?
Which packages? I think it's technically fine as long as the md5sums are still there. If it's just sha1sums then I think the previous maintainer may have been feeling frisky
They did contain both types of hashes...I believe it was streamripper and numlockx. So it was just a case of someone thinking of future validation methods?
Well, I believe makepkg checks both if they both exist. It was someone being absolutely certain that the file is what we say it is 8)
In fact you can have all of md5, sha1, sha256, sha384 and sha512 sums and they will all be checked by makepkg.
On Thu, Nov 6, 2008 at 8:06 AM, Allan McRae <allan@archlinux.org> wrote:
In fact you can have all of md5, sha1, sha256, sha384 and sha512 sums and they will all be checked by makepkg.
So much hash, so little time...err nevermind.
2008/11/6 Thayer Williams <thayerw@gmail.com>:
On Thu, Nov 6, 2008 at 8:06 AM, Allan McRae <allan@archlinux.org> wrote:
In fact you can have all of md5, sha1, sha256, sha384 and sha512 sums and they will all be checked by makepkg.
So much hash, so little time...err nevermind.
(He's from BC)
On Thu, Nov 6, 2008 at 10:49 AM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
On Thu, Nov 6, 2008 at 9:37 AM, Thayer Williams <thayer@archlinux.org> wrote:
On Thu, Nov 6, 2008 at 7:28 AM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
On Thu, Nov 6, 2008 at 12:35 AM, Thayer Williams <thayer@archlinux.org> wrote:
Tonight I noticed the presence of sha1sums in a couple of PKGBUILDs I adopted. Are we adopting a new policy toward sha1sums? Did I miss the memo?
Which packages? I think it's technically fine as long as the md5sums are still there. If it's just sha1sums then I think the previous maintainer may have been feeling frisky
They did contain both types of hashes...I believe it was streamripper and numlockx. So it was just a case of someone thinking of future validation methods?
Well, I believe makepkg checks both if they both exist. It was someone being absolutely certain that the file is what we say it is 8)
Numlockx was mine back in the day. There was a push toward sha1sums a while back, and then we realized we didn't really need them so there was an anti-push and we stopped inserting them. I think makepkg -g generated the sha1's by default for a while
participants (6)
-
Aaron Griffin
-
Allan McRae
-
Dusty Phillips
-
Thayer Williams
-
Thayer Williams
-
Travis Willard