I will change the qpid-python .sha file to SHA-512. And I wouldn't have objected to using .sha512 if Robbie had felt like going against the grain.
FWIW, before I made the change to SHA-256 and .sha, I tested that Fedora's 'shasum' does not require extra options to check such files. It seems to figure it out on its own. In some cursory poking around, I haven't found anything that says .sha indicates any particular SHA hash function. On Tue, Mar 7, 2017 at 10:19 AM, Robbie Gemmell <[email protected]> wrote: > ;) > > I decided to go with the guideline and created a SHA512 file with .sha > extension. We can make it clear on the website that its SHA512. Folks > doing it blind will just have to try it, or look at the content to > figure it out. > > Given the name is 'correct', I'd probably regenerate the qpid-python > checksum using SHA512. We could also just leave it alone this time > since it only says you SHOULD use SHA512. > > On 7 March 2017 at 18:05, Rob Godfrey <[email protected]> wrote: > > To be fair that page says nothing about how to name SHA256 checksums :-), > > only that we SHOULD be creating SHA512 checksums named .sha. > > > > So, I'm +1 on naming the SHA256 .sha256 ... and it seems like the Python > > release really shouldn't name a SHA256 file .sha as by the above that > > extension should be reserved for SHA512. > > > > -- Rob > > > > On 7 March 2017 at 18:34, Timothy Bish <[email protected]> wrote: > > > >> On 03/07/2017 12:23 PM, Robbie Gemmell wrote: > >> > >>> According to http://www.apache.org/dev/release-distribution.html#sigs- > >>> and-sums > >>> .sha is actually required: > >>> > >>> "An SHA checksum SHOULD also be created and MUST be suffixed .sha. The > >>> checksum SHOULD be generated using SHA512." > >>> > >>> I find the extension a little unhelpful personally, but ok.. :) > >>> > >> > >> I would have voted for .sha256 for clarity > >> > >> > >>> Robbie > >>> > >>> On 7 March 2017 at 17:11, Robbie Gemmell <[email protected]> > >>> wrote: > >>> > >>>> Hi folks, > >>>> > >>>> I noted in the qpid-python-1.36.0 vote thread that the .sha file > >>>> contained a sha256 checksum, this being in place of the historic .sha1 > >>>> checksum file. > >>>> > >>>> I'm curious what people think about the name relative to the contents? > >>>> I think .sha256 might be friendlier so that people know how to try and > >>>> verify it implicitly from its name? > >>>> > >>>> I mainly ask as I think I'll include one for the proton-j-0.18.0 > >>>> release im about to cut, and am trying to settle on a name for it. > >>>> > >>>> Robbie > >>>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: [email protected] > >>> For additional commands, e-mail: [email protected] > >>> > >>> > >>> > >> > >> -- > >> Tim Bish > >> twitter: @tabish121 > >> blog: http://timbish.blogspot.com/ > >> > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [email protected] > >> For additional commands, e-mail: [email protected] > >> > >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
