But how does one validate it? I just wrote a dumb script to concatenation, remove whitespace, lowercase and then pass to "sha512sum -c." I've never seen anyone provide SHAs in that format. I wouldn't expect many people to know how to use them. Why can't we use the good old GNU coreutils style?
Darren On Wed, Oct 23, 2013 at 7:14 PM, John Kinsella <j...@stratosec.co> wrote: > This is the output of gpg -v --print-md SHA512, generated as part of the > release procedure [1] by tools/build/build_asf.sh > > 1: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Release+Procedure > > > On Oct 17, 2013, at 7:56 PM, Darren Shepherd <darren.s.sheph...@gmail.com> > wrote: > >> The hashes that are on c.a.o for the releases have a format like >> >> http://www.apache.org/dist/cloudstack/releases/4.2.0/apache-cloudstack-4.2.0-src.tar.bz2.sha >> >> apache-cloudstack-4.2.0-src.tar.bz2: CC487DF3 7E7B6800 F9DC05A3 5B72DEFD >> 684E0094 F1666F57 5D694916 CF74ED98 >> 9D7CDF35 4021D3C5 8BFD4BB9 39AB02CD >> EA82D42C 78880EDB 04F2532A 61376537 >> >> I've never seen this. Is this some hip new format I'm not aware of, >> and I'm the uncool kid still using GNU coreutils? >> >> Darren > > >