[arch-dev-public] sha1sums in PKGBUILDs
Travis Willard
twillard2 at gmail.com
Thu Nov 6 11:06:57 EST 2008
On Thu, Nov 6, 2008 at 10:49 AM, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
> On Thu, Nov 6, 2008 at 9:37 AM, Thayer Williams <thayer at archlinux.org> wrote:
>> On Thu, Nov 6, 2008 at 7:28 AM, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
>>> On Thu, Nov 6, 2008 at 12:35 AM, Thayer Williams <thayer at archlinux.org> wrote:
>>>> Tonight I noticed the presence of sha1sums in a couple of PKGBUILDs I
>>>> adopted. Are we adopting a new policy toward sha1sums? Did I miss
>>>> the memo?
>>>
>>> Which packages? I think it's technically fine as long as the md5sums
>>> are still there. If it's just sha1sums then I think the previous
>>> maintainer may have been feeling frisky
>>
>> They did contain both types of hashes...I believe it was streamripper
>> and numlockx. So it was just a case of someone thinking of future
>> validation methods?
>
> Well, I believe makepkg checks both if they both exist. It was someone
> being absolutely certain that the file is what we say it is 8)
>
Numlockx was mine back in the day. There was a push toward sha1sums a
while back, and then we realized we didn't really need them so there
was an anti-push and we stopped inserting them.
I think makepkg -g generated the sha1's by default for a while
More information about the arch-dev-public
mailing list