Am 01.12.2017 um 00:55 schrieb kardan: > On Thu, 30 Nov 2017 23:26:31 +0100 > "Tomas Hajny" <xhaj...@hajny.biz> wrote: > >> Checksums may indeed be created / calculated rather easily. However, >> that is not enough. The checksums must get to the end user in secured >> way as well, otherwise it makes no sense. What is the appropriate >> mechanism for that from your point of view? Just listing on our WWW >> pages (since these may be accessed via HTTPS to avoid modification on >> the way) and copying the checksum to the WWW pages with links >> (somewhat time-consuming, unfortunately, due to many download pages >> and many files - I guess that we may provide you with a possibility >> to do this for the next release if you like ;-) )? Or having a signed >> (how - which trusted signature source?) checksum file accompanying >> each and every released file (cluttering the release directories >> considerably)? Or? > > This is part of one of my install scripts for latest vagrant: > > VAGRANT_DEB=https://releases.hashicorp.com/vagrant/2.0.1/vagrant_2.0.1_i686.deb > VAGRANT_SUMS=https://releases.hashicorp.com/vagrant/2.0.1/vagrant_2.0.1_SHA256SUMS > until [ \ > "$(sha256sum vagrant_2.0.1_i686.deb)" = \ > "$(curl -s $VAGRANT_SUMS|grep $(basename $VAGRANT_DEB))" ] > do wget -c $VAGRANT_DEB; done > sudo dpkg -i $(basename $VAGRANT_DEB)
And? FPC is not debian/linux only. _______________________________________________ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
