I demand that Toni Mueller may or may not have written... > On 02/18/2012 11:48 AM, Thomas Koch wrote: >> What about a debhelper script that receives an URL (or set of mirror >> URLs) and a SHA1 and does the download and check?
> If you're going this way, try to peek at the *BSD's ports systems, > specifically their 'distinfo' files. SHA1 is not enough, imho. For *xine* releases, I use MD5, SHA1 and SHA256. The hashes are then signed using gpg. That's mainly for others, though; I Don't Need to check them when doing packaging work for Debian. -- | _ | Darren Salt, using Debian GNU/Linux (and Android) | ( ) | | X | ASCII Ribbon campaign against HTML e-mail | / \ | http://www.asciiribbon.org/ A clean, neat, desk is a sign of a very sick mind. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/526d2783f4%li...@youmustbejoking.demon.co.uk