On 2017-11-30 22:26, Tomas Hajny wrote:
Checksums may indeed be created / calculated rather easily. However, that
is not enough. The checksums must get to the end user in secured way as
well, otherwise it makes no sense.
As the saying goes... Take a page from the playbook of FreeBSD or any
Linux distro for that matter.
http://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/11.1/
or
http://www.mirrorservice.org/sites/releases.ubuntu.com/17.10/
In summary, a single CHECKSUM file listing each file and its related
checksum. This is a standard layout that many tools can handle and can
be used to verify many files in one go. There are tools that can
generate these complete files too.
On a side note:
MD5 and SHA1 is loosing popularity (but still better than nothing).
SHA256 or SHA512 should now be the norm.
Regards,
Graeme
--
fpGUI Toolkit - a cross-platform GUI toolkit using Free Pascal
http://fpgui.sourceforge.net/
My public PGP key: http://tinyurl.com/graeme-pgp
_______________________________________________
fpc-pascal maillist - fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
