On Thu, 15 Aug 2019 at 14:50, Matt Sicker wrote:
>
> I know it’s policy, but why exactly do we have to provide checksum files
> when the asc file is a already a checksum (and most likely based on SHA256
> or 512 anyways)?
I assume because it's harder to validate a sig; the hash is better than not
I know it’s policy, but why exactly do we have to provide checksum files
when the asc file is a already a checksum (and most likely based on SHA256
or 512 anyways)?
On Thu, Aug 15, 2019 at 04:03, sebb wrote:
> I have had to fix several download pages recently because they
> referred to sha512 in
I have had to fix several download pages recently because they
referred to sha512 instead of sha256.
Please would RMs double-check that the pom has the correct setting and
that the generated download_xyz.xml file corresponds with the file
names?
In future, I think the hash setting should *always*
