Devrim GÜNDÜZ <[email protected]> writes: > On Wed, 2010-10-13 at 13:34 -0400, Steve Singer wrote: > >> I've repackaged 1.2.21 and 2.0.5 to include the man1 and man7 >> directories and updated the files on the downloads site. > > Now we have 2 different tarballs around having different md5sums, or > so...
I'm not thrilled with that, but our process of generating the md5sums is pretty "open"; it's literally a make target. If we truly want strong checksums, then I think we'd want to formalize the use of GPG signatures. That's a bigger step than seems reasonable. If someone's *really* that concerned about the provenance of the code, I imagine they might want to check their own copy of the git repo and generate a tarball themselves, in which case what we produce isn't of much value anyways. If someone was really excited about needing to sign everything, then maybe we should consider that path, but nobody's pointed at it as an issue thus far... -- let name="cbbrowne" and tld="afilias.info" in name ^ "@" ^ tld;; Christopher Browne "Bother," said Pooh, "Eeyore, ready two photon torpedoes and lock phasers on the Heffalump, Piglet, meet me in transporter room three" _______________________________________________ Slony1-general mailing list [email protected] http://lists.slony.info/mailman/listinfo/slony1-general
