On Fri, 30 Nov 2012, Roman Shaposhnik wrote:
Date: Fri, 30 Nov 2012 03:05:15 +0100
From: Roman Shaposhnik <r...@apache.org>
To: general@incubator.apache.org, infrastruct...@apache.org
Subject: Re: Formats of SHA/MD5 checksums
Sender: shaposh...@gmail.com
On Sun, Nov 25, 2012 at 9:29 PM, Roman Shaposhnik <r...@apache.org> wrote:
On Tue, Nov 20, 2012 at 3:50 PM, sebb <seb...@gmail.com> wrote:
Personally, I find it difficult to verify the GPG generated checksums.
Ditto. It's particularly awkward when the hash is wrapped over several lines.
I ended up writing a Perl script to handle all the variations.
If I'm not alone perhaps we should discourage the use of this
format and modify the release FAQ page.
+1
Question: how do we go about discouraging it then? Do we need a vote
to modify the content of:
http://www.apache.org/dev/release-signing#md5
I assume 'it' is md5 cheksum files generated with
gpg --print-md MD5 [fileName] > [fileName].md5
I am +1 on suggesting (on that page) a 'normal' form for
the content of a .md5 file.
I am definitedly -1 on removing the gpg line above, or
suggesting that only one form of .md5 files is allowed.
The reason given "I ended up writing a Perl script" doesn't
make sense ; .md5 files come in many forms but the algorithm
to verify is the same for all of them (there are no 'variations.') :
verify (checksum md5, .md5-file fff) :
-- tmp = lowercase cat fff
-- md5 = lowercase cat md5
-- squeeze non-hex ([^a-f0-9]) out of tmp (and md5)
-- match md5 ~ tmp
HPP
------------------------------------------------------------ _
Henk P. Penning, ICT-beta R Uithof WISK-412 _/ \_
Faculty of Science, Utrecht University T +31 30 253 4106 / \_/ \
Budapestlaan 6, 3584CD Utrecht, NL F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org