Hi, Graham Leggett schrieb: > As the roll.sh script is the current authoritative mechanism for how md5 > signatures are created, and roll.sh makes no guarantee as to the format > of the md5 file, all claims made to date that the signatures are in the > wrong format are therefore false. agreed, but the roll.sh is currently weak since the final format depends entirely on who does a release on what machine - see here: http://www.apache.org/dist/httpd/httpd-2.2.13.tar.bz2.md5 IIRC that was Jim doing this release ... http://httpd.apache.org/dev/dist/httpd-2.2.14.tar.bz2.md5 and that's now what you generated ...
I think we should allways provide same format, be it the openssl one if thats really the preferred, or the md5(sum) / sha1(sum) one... and we should document somewhere how to verify automatically. Gün.