On 2017/06/16 22:55, John Reiser wrote:
On 06/16/2017 06:31 AM, Zhiming Wang wrote:
By the way, just a suggestion, maybe you could publish the
SHA-256 checksums of release tarballs instead of MD5?
Please also publish the exact length in bytes.
This is worth _more_ than expanding the width of the checksum,
because it is easier (much easier) to produce checksum collisions
by extending the length.
It's not signed (by PGP/GPG, for example), is it? I realized that it is
not.(!)
(I saw no trace of signature files for verification on my local PC.)
I know all the pitfalls of signing by open keys, but it still adds a
layer of confidence, much better than a single checksum as noted above.
Thank you again for sharing a great piece of software.
TIA
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Valgrind-users mailing list
Valgrind-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/valgrind-users
