Nick Rout schreef: > > I agree it is necessary when doing something in your overlay. It > seems most people who post to bugs.gentoo.org do not post a digest > file. Perhaps they should.
Sometimes people do, but iirc this is discouraged by the dev team. Don't know why, but I know if I use an overlay ebuild, the tarball is downloaded when the digest is made (thus the md5 is taken directly from the tarball after downloading). I don't really think I'd want to rely on some unknown person's digest from a download that may not be the same as mine for whatever reason. At least this way I can confirm the tarball is from the legitimate source (by watching the wget output), and if necessary, compare the digest md5 with the md5 on the tarball's homepage (usually available). Having a digest from an 'untrusted source' (it's unofficial, after all) would encourage me to trust sources I shouldn't just trust by default, and I don't want to get into a bad habit like that. Holly -- gentoo-user@gentoo.org mailing list
