On 07-20 20:52, garbeam wrote:
Could the releasers please start providing checksums (or PGP signatures) for releases?
We coped very well without it for many years, why is the lack of md5 files a concern now?

I always wondered if this had been discussed and rejected or just never thought about.

Seems pretty helpful for some basic verification. Also seems good practive in the FLOSS world. Plus there have been cases of pwned and backdoor'd FLOSS repositories/releases.

Anyhow, I'm fine to create md5 files for all downloadable tar.gz's that you can check the integrity.

Cool! Tough SHA(1|256) seem more reasonable to me. :)

--
ilf

Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
                -- Eine Initiative des Bundesamtes für Tastaturbenutzung

Attachment: signature.asc
Description: Digital signature

Reply via email to