On mercredi 13 juin 2018 09:02:00 CEST Ben Elliston wrote:
> The source download page:
> https://trac.osgeo.org/gdal/wiki/DownloadSource
> .. gives MD5 checksums for the source releases. Starting with 2.3.1, can
> I suggest we start using SHA256 instead of the long-broken MD5?

The checksum is more intended to check that there wasn't an accidental 
corruption in the transportation of the archive (MD5 will remain safe forever 
for detecting that), rather than an attempt to forge an hostile archive. In 
which case, we should also sign the checksum...


Spatialys - Geospatial professional services
gdal-dev mailing list

Reply via email to