FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Packaging

 
 
LinkBack Thread Tools
 
Old 04-02-2011, 04:51 AM
Garrett Holmstrom
 
Default Review guidelines source checksum algorithm

The main review guidelines page [1] specifically requires that one use
md5sum to compare packages' tarballs against those from upstream. Is it
necessary to require a specific algorithm? If so, should it still be
MD5 in this day and age?

[1] http://fedoraproject.org/wiki/Packaging:ReviewGuidelines
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 
Old 04-02-2011, 11:35 AM
Björn Persson
 
Default Review guidelines source checksum algorithm

Garrett Holmstrom wrote:
> The main review guidelines page [1] specifically requires that one use
> md5sum to compare packages' tarballs against those from upstream. Is it
> necessary to require a specific algorithm? If so, should it still be
> MD5 in this day and age?

Why use checksums at all when diff works just fine?

Björn Persson
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 
Old 04-02-2011, 02:58 PM
Michael Schwendt
 
Default Review guidelines source checksum algorithm

On Sat, 2 Apr 2011 13:35:43 +0200, Björn wrote:

> Garrett Holmstrom wrote:
> > The main review guidelines page [1] specifically requires that one use
> > md5sum to compare packages' tarballs against those from upstream. Is it
> > necessary to require a specific algorithm? If so, should it still be
> > MD5 in this day and age?

The guidelines say "should" not "MUST". An attempt at making clear that
the reviewer (and the packager) should actually run some tool to compare
the included tarball with upstream's. Else some reviewers would just
compare the file name or check that the URL is valid, but not compare
any tarballs.

sha256sum would be fine, too, of course.

> Why use checksums at all when diff works just fine?
>
> Björn Persson

Sure, binary diff (byte-wise comparison I guess) is fine, too.
--
packaging mailing list
packaging@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/packaging
 

Thread Tools




All times are GMT. The time now is 09:40 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org