On Thu, Sep 24, 2009 at 11:09 AM, Graham Leggett <minfrin@sharp.fm> wrote:
> Guenter Knauf wrote:
>
> >>>> Can you point out where this is documented?
> >>> I'll try to dig that up.
> >> If you can, please.
> > I think what I meant were the pointers on the download side:
> > http://httpd.apache.org/download.cgi
> > see down last sentence - however its not explained how to check
> > automatically; but I volunteer to add a section for this.
>
> The last sentence just says that md5 signatures are used, and suggests
> software that might be used to verify md5 signatures, no mention is made
> at all as to the format of the md5 files.
>
> As the roll.sh script is the current authoritative mechanism for how md5
> signatures are created, and roll.sh makes no guarantee as to the format
> of the md5 file, all claims made to date that the signatures are in the
> wrong format are therefore false.
>
Expectations of n users trump some the behavior of a helper script used by a
few people, for our rather huge values of n.
(And sure, roll.sh should get smarter.)
|