On 2019-08-05 11:41:34 +0200 (+0200), Bastian Blank wrote: > On Sun, Aug 04, 2019 at 10:05:32PM +0100, Chris Boot wrote: > > On 04/08/2019 17:29, Bastian Blank wrote: [...] > > > No, don't. Use base64 like everyone else. > > > > I strongly disagree with this. Practically everyone else uses > > hexadecimal for plain checksums. A GPG signature is its own > > thing but is (generally) plaintext (I'm assuming clearsign). > > This is what we (as in the project) use for the archive and for > > ISOs. > > Everything current switches to base64. It's shorter and easier to > see changes. Hex only survives where people tend to read it.
You mentioned Kubernetes (which I haven't really used so have yet to notice), but who else's "current" software encodes checksums in base64 besides the Kubernetes ecosystem? I'm honestly curious as I still only ever see checksums in hexidecimal notation. The sha512sum(1) manpage makes no mention of having support for verifying base64-encoded checksums, for example. There's something to be said for sticking with traditional standards; newer is not always better. -- Jeremy Stanley
