On 11 March 2013 20:17, Owen O'Malley <omal...@apache.org> wrote: > On Sun, Mar 10, 2013 at 8:13 PM, sebb <seb...@gmail.com> wrote: > > The ambari-1.2.1-incubating.tar.gz.mds file is wrong; there should be >> separate files for each hash type. >> Normally only MD5 and SHA are provided. >> > > In what way are they "wrong?" It is a perfectly well defined output format > that is the preferred one for Ambari. Depending on MD5 or even SHA1 for > tamper detection is in fact wrong.
[So why are those two in the mds file?!] But that's not the primary intention of the hashes anyway; hashes are intended for checking that a download has succeeded. Proper tamper detection requires signatures. > -- Owen --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org