Hi Collin,
Like in previous discussions around announce-gen, I find it important that
if
- Verifying requires a special command that is not easy to remember
or
- Verifying requires special tools that do not exist on all systems
we tell the user how to verify the checksum.
As I understand it, after this output
> [...]
> Here are the SHA256 and SHA3-256 checksums:
>
> File: coreutils-9.9.35-cf973.tar.gz
> SHA256 sum:
> b5662c336a6bcf03e3d69f5cd53d27a03c51293162c525a6657e6dccf67a716f
> SHA3-256 sum:
> 16057652e0d2bfe53751df5f75203999644641867d0802b1df06021e24e6dcbb
>
> File: coreutils-9.9.35-cf973.tar.xz
> SHA256 sum:
> 06486a09ac5e2884f9d56b4fef77ee8dae5e91961be030e13f387cf2ec76825a
> SHA3-256 sum:
> 6c3fe41615ff3b5b90f5c887510ca03daf18ca8b5306b9ac5790e8fb8f72015f
> [...]
we should state:
Verify the SHA256 checksum with the sha256sum or sha256 program.
Verify the SHA3-256 checksum with cksum -a sha3 --check
from coreutils-9.8.
(Previously, this note was omitted, because we assumed that the user can
find the sha1sum and sha256sum programs without extra help.)
Bruno
