Hi, Am 13.10.2010 um 22:29 schrieb Rimas Kudelis: > 2010.10.13 20:30, "Dr. Peter Pöml" rašė: >> You find the md5 (and other hashes) on the "origin" download server: >> http://download.documentfoundation.org/libreoffice/testing/3.3.0-beta2/deb/x86/LibO_3.3.0_beta2_Linux_x86_install-deb_en-US.tar.gz.mirrorlist > <...> >>> Would it be possible to put up an md5sum file similar to: >>> http://download.openoffice.org/md5sums/3.2.1_md5sums.txt >>> so that downloads can be checked? >> I would generally recommend to use a hash from the download server for >> reference, and not from a mirror. >> >> The crypto hashes need to be made more present on the download page. Sorry >> that you had to look so hard, I hope we can improve on this soon! > > I still think we should provide md5 hashes for download on the mirrors > too. That place is pretty convenient, many would expect md5sums to be > there, so I don't see a reason not to do that.
Well, I think that in the first place the hashes should be provided in a well-visible place for the user, which is on the download page (not necessarily displayed there, but linked there. That's the point that everybody passes. And people shouldn't have to search hard (or ask around) for this info. Only few people will look directly on a mirror. And with all files on mirrors there's the security issue. Peter -- To unsubscribe, e-mail to [email protected] All messages you send to this list will be publicly archived and cannot be deleted. List archives are available at http://www.documentfoundation.org/lists/mirrors/
