Hi Simon,
Simon Josefsson <[email protected]> writes: > Rutherther <[email protected]> writes: > >> Hi Simon, >> >> Simon Josefsson <[email protected]> writes: >> >>> Would you consider adding SHA3-256 checksums to announcements too? >> >> Sure, that is no problem, especially if a script is already made for >> this, I wasn't aware of it. > > What script was used to prepare your release announcement? Maybe Guix > warrants its own custom script rather than gnulib's announce-gen, but > some inspiration from a recent announcement may be useful: No script :) I wasn't aware of such scripts and it did not seem worth it doing such scripts for just two e-mails. > > https://lists.gnu.org/archive/html/bug-inetutils/2025-12/msg00017.html > > The actual wording isn't the important part, and some of this are > opinonated but the important part are: > > 1) Direct URLs > > 2) SHA256 and SHA3-256 checksums. Format to use is somewhat > opinionated, but the information is the important aspect. We can add sha3-256, I think previous releases also had only SHA256, but I think it's fine to add it newly. Are you aware of a Guix package that is able to calculate these hashes? I see that coreutils 9.8 has this, but Guix has 9.1. Maybe rhash with --sha3-256 argument? > > 3) Some explanation what the URLs and files actually are, like you > already have, including commands for verification. Maybe we can also link the manual pages for installation of Guix. As for commands for verification, could you elaborate on that? Do you mean verification of the hashes, signatures, or like if someone wants to reproduce them themselves? > > 4) How to get signing keys. > > 5) SBOM info, maybe just Guix commit id? Good point, we can include the commit ids. Rutherther
