[arch-dev-public] sha1sums in PKGBUILDs
allan at archlinux.org
Thu Nov 6 11:06:56 EST 2008
Aaron Griffin wrote:
> On Thu, Nov 6, 2008 at 9:37 AM, Thayer Williams <thayer at archlinux.org> wrote:
>> On Thu, Nov 6, 2008 at 7:28 AM, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
>>> On Thu, Nov 6, 2008 at 12:35 AM, Thayer Williams <thayer at archlinux.org> wrote:
>>>> Tonight I noticed the presence of sha1sums in a couple of PKGBUILDs I
>>>> adopted. Are we adopting a new policy toward sha1sums? Did I miss
>>>> the memo?
>>> Which packages? I think it's technically fine as long as the md5sums
>>> are still there. If it's just sha1sums then I think the previous
>>> maintainer may have been feeling frisky
>> They did contain both types of hashes...I believe it was streamripper
>> and numlockx. So it was just a case of someone thinking of future
>> validation methods?
> Well, I believe makepkg checks both if they both exist. It was someone
> being absolutely certain that the file is what we say it is 8)
In fact you can have all of md5, sha1, sha256, sha384 and sha512 sums
and they will all be checked by makepkg.
More information about the arch-dev-public