add chkdigest.pl to download.xml

[Guenter Knauf]

Hi,
I'd like to add:
http://people.apache.org/~fuankg/chkdigest/
as a cross-platform tool for verifying checksums to the last section on 
download.xml - any thoughts?


Gün.

Re: add chkdigest.pl to download.xml

[Jeff Trawick]

On Sun, May 15, 2011 at 4:26 PM, Guenter Knauf fua...@apache.org wrote:
 Hi,
 I'd like to add:
 http://people.apache.org/~fuankg/chkdigest/
 as a cross-platform tool for verifying checksums to the last section on
 download.xml - any thoughts?

I wonder what checks the digest of chkdigest.pl? (or can it be more
trusted for some reason I'm not thinking of?)

Re: add chkdigest.pl to download.xml

[Graham Leggett]

On 15 May 2011, at 10:26 PM, Guenter Knauf wrote:


I'd like to add:
http://people.apache.org/~fuankg/chkdigest/
as a cross-platform tool for verifying checksums to the last section  
on download.xml - any thoughts?


The simplest way to check the checksum is to, using the operating  
system of choice, copy the output from md5sum (or local tool of  
choice) on the binary downloaded, and paste this into the find  
functionality of the web browser of choice while displaying the md5  
checksum of the file as published by us. If the md5 hashes match, the  
find will be successful.


This mechanism relies on software already present on and trusted by  
the end user's computer (within reason), and is simple to understand  
without introducing trust on a new tool.


Regards,
Graham
--