Aaron Griffin wrote:
On Thu, Nov 6, 2008 at 9:37 AM, Thayer Williams <[EMAIL PROTECTED]> wrote:
On Thu, Nov 6, 2008 at 7:28 AM, Aaron Griffin <[EMAIL PROTECTED]> wrote:
On Thu, Nov 6, 2008 at 12:35 AM, Thayer Williams <[EMAIL PROTECTED]> wrote:
Tonight I noticed the presence of sha1sums in a couple of PKGBUILDs I
adopted. Are we adopting a new policy toward sha1sums? Did I miss
the memo?
Which packages? I think it's technically fine as long as the md5sums
are still there. If it's just sha1sums then I think the previous
maintainer may have been feeling frisky
They did contain both types of hashes...I believe it was streamripper
and numlockx. So it was just a case of someone thinking of future
validation methods?
Well, I believe makepkg checks both if they both exist. It was someone
being absolutely certain that the file is what we say it is 8)
In fact you can have all of md5, sha1, sha256, sha384 and sha512 sums
and they will all be checked by makepkg.
