I know it’s policy, but why exactly do we have to provide checksum files when the asc file is a already a checksum (and most likely based on SHA256 or 512 anyways)?
On Thu, Aug 15, 2019 at 04:03, sebb <[email protected]> wrote: > I have had to fix several download pages recently because they > referred to sha512 instead of sha256. > > Please would RMs double-check that the pom has the correct setting and > that the generated download_xyz.xml file corresponds with the file > names? > > In future, I think the hash setting should *always* be specified in > the pom, rather than relying on a default (*) > How does one know whether the setting is missing by accident or design? > (It does not help that the default has been changed twice fairly recently) > > > Sebb. > (*) IMO built-in defaults should only be used for values that are > almost always correct, i.e. where it is unusual to see a different > value. Defaults should never be changed. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Matt Sicker <[email protected]>
