[arch-dev-public] sha1sums in PKGBUILDs
Allan McRae
allan at archlinux.org
Thu Nov 6 11:06:56 EST 2008
Aaron Griffin wrote:
> On Thu, Nov 6, 2008 at 9:37 AM, Thayer Williams <thayer at archlinux.org> wrote:
>
>> On Thu, Nov 6, 2008 at 7:28 AM, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
>>
>>> On Thu, Nov 6, 2008 at 12:35 AM, Thayer Williams <thayer at archlinux.org> wrote:
>>>
>>>> Tonight I noticed the presence of sha1sums in a couple of PKGBUILDs I
>>>> adopted. Are we adopting a new policy toward sha1sums? Did I miss
>>>> the memo?
>>>>
>>> Which packages? I think it's technically fine as long as the md5sums
>>> are still there. If it's just sha1sums then I think the previous
>>> maintainer may have been feeling frisky
>>>
>> They did contain both types of hashes...I believe it was streamripper
>> and numlockx. So it was just a case of someone thinking of future
>> validation methods?
>>
>
> Well, I believe makepkg checks both if they both exist. It was someone
> being absolutely certain that the file is what we say it is 8)
>
>
In fact you can have all of md5, sha1, sha256, sha384 and sha512 sums
and they will all be checked by makepkg.
More information about the arch-dev-public
mailing list