[arch-dev-public] sha1sums in PKGBUILDs
Aaron Griffin
aaronmgriffin at gmail.com
Thu Nov 6 10:49:44 EST 2008
On Thu, Nov 6, 2008 at 9:37 AM, Thayer Williams <thayer at archlinux.org> wrote:
> On Thu, Nov 6, 2008 at 7:28 AM, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
>> On Thu, Nov 6, 2008 at 12:35 AM, Thayer Williams <thayer at archlinux.org> wrote:
>>> Tonight I noticed the presence of sha1sums in a couple of PKGBUILDs I
>>> adopted. Are we adopting a new policy toward sha1sums? Did I miss
>>> the memo?
>>
>> Which packages? I think it's technically fine as long as the md5sums
>> are still there. If it's just sha1sums then I think the previous
>> maintainer may have been feeling frisky
>
> They did contain both types of hashes...I believe it was streamripper
> and numlockx. So it was just a case of someone thinking of future
> validation methods?
Well, I believe makepkg checks both if they both exist. It was someone
being absolutely certain that the file is what we say it is 8)
More information about the arch-dev-public
mailing list