On Thu, Nov 6, 2008 at 10:49 AM, Aaron Griffin <[EMAIL PROTECTED]> wrote: > On Thu, Nov 6, 2008 at 9:37 AM, Thayer Williams <[EMAIL PROTECTED]> wrote: >> On Thu, Nov 6, 2008 at 7:28 AM, Aaron Griffin <[EMAIL PROTECTED]> wrote: >>> On Thu, Nov 6, 2008 at 12:35 AM, Thayer Williams <[EMAIL PROTECTED]> wrote: >>>> Tonight I noticed the presence of sha1sums in a couple of PKGBUILDs I >>>> adopted. Are we adopting a new policy toward sha1sums? Did I miss >>>> the memo? >>> >>> Which packages? I think it's technically fine as long as the md5sums >>> are still there. If it's just sha1sums then I think the previous >>> maintainer may have been feeling frisky >> >> They did contain both types of hashes...I believe it was streamripper >> and numlockx. So it was just a case of someone thinking of future >> validation methods? > > Well, I believe makepkg checks both if they both exist. It was someone > being absolutely certain that the file is what we say it is 8) >
Numlockx was mine back in the day. There was a push toward sha1sums a while back, and then we realized we didn't really need them so there was an anti-push and we stopped inserting them. I think makepkg -g generated the sha1's by default for a while
