Closed Chocobo1 closed 6 years ago
And since the released binaries are not digitally signed, choosing a good hash is rather important to verify its integrity.
They are gpg signed. But I don't object in using sha256.
They are gpg signed. But I don't object in using sha256.
Me had a brain fart. Thanks for the approval.
Also, on fosshub, the MD5 & SHA1 is still being displayed, although no harm, yet you might want to remove it.
Also, on fosshub, the MD5 & SHA1 is still being displayed, although no harm, yet you might want to remove it.
It is autogenerated. I'll suggest to them to also calculate the sha256sum.
It is autogenerated. I'll suggest to them to also calculate the sha256sum.
No need, the sha2-256 is already on there. For me, MD5 & SHA1 seems redundant when sha256 is already provided.
@sledgehammer999 I think it's better to deprecate SHA1 now (in favor of SHA2-256), a crafted collision had been found some time ago: https://shattered.io/ And since the released binaries are not digitally signed, choosing a good hash is rather important to verify its integrity.
Also, I added the hashes for tar packages and some style fixes.