On 20 July 2011 21:11, ilf <i...@zeromail.org> wrote: > On 07-20 20:52, garbeam wrote: >>> >>> Could the releasers please start providing checksums (or PGP signatures) >>> for releases? >> >> We coped very well without it for many years, why is the lack of md5 files >> a concern now? > > I always wondered if this had been discussed and rejected or just never > thought about. > > Seems pretty helpful for some basic verification. Also seems good practive > in the FLOSS world. Plus there have been cases of pwned and backdoor'd FLOSS > repositories/releases. > >> Anyhow, I'm fine to create md5 files for all downloadable tar.gz's that >> you can check the integrity. > > Cool! Tough SHA(1|256) seem more reasonable to me. :)
Well, what you get is this from now on: http://dl.suckless.org/dwm/md5sums.txt http://dl.suckless.org/dwm/sha1sums.txt This can also be found in other directories. I hate having a sum file per tar.gz... Cheers, --garbeam