Return-Path: X-Original-To: apmail-incubator-general-archive@www.apache.org Delivered-To: apmail-incubator-general-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BFD39D3BA for ; Sun, 2 Dec 2012 09:42:45 +0000 (UTC) Received: (qmail 49818 invoked by uid 500); 2 Dec 2012 09:42:44 -0000 Delivered-To: apmail-incubator-general-archive@incubator.apache.org Received: (qmail 49529 invoked by uid 500); 2 Dec 2012 09:42:44 -0000 Mailing-List: contact general-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: general@incubator.apache.org Delivered-To: mailing list general@incubator.apache.org Delivered-To: moderator for general@incubator.apache.org Received: (qmail 63815 invoked by uid 99); 30 Nov 2012 09:09:02 -0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of penning@uu.nl designates 131.211.14.244 as permitted sender) Date: Fri, 30 Nov 2012 10:08:33 +0100 From: "Henk P. Penning" X-X-Sender: penni101@csstaff.science.uu.nl To: Roman Shaposhnik CC: , Subject: Re: Formats of SHA/MD5 checksums In-Reply-To: Message-ID: References: User-Agent: Alpine 2.02 (LRH 1266 2009-07-14) MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII"; format=flowed X-Originating-IP: [131.211.6.199] X-Virus-Checked: Checked by ClamAV on apache.org On Fri, 30 Nov 2012, Roman Shaposhnik wrote: > Date: Fri, 30 Nov 2012 03:05:15 +0100 > From: Roman Shaposhnik > To: general@incubator.apache.org, infrastructure@apache.org > Subject: Re: Formats of SHA/MD5 checksums > Sender: shaposhnik@gmail.com > On Sun, Nov 25, 2012 at 9:29 PM, Roman Shaposhnik wrote: >> On Tue, Nov 20, 2012 at 3:50 PM, sebb wrote: >>>> Personally, I find it difficult to verify the GPG generated checksums. >>> >>> Ditto. It's particularly awkward when the hash is wrapped over several lines. >>> >>> I ended up writing a Perl script to handle all the variations. >>> >>>> If I'm not alone perhaps we should discourage the use of this >>>> format and modify the release FAQ page. >>> >>> +1 >> >> Question: how do we go about discouraging it then? Do we need a vote >> to modify the content of: >> http://www.apache.org/dev/release-signing#md5 I assume 'it' is md5 cheksum files generated with gpg --print-md MD5 [fileName] > [fileName].md5 I am +1 on suggesting (on that page) a 'normal' form for the content of a .md5 file. I am definitedly -1 on removing the gpg line above, or suggesting that only one form of .md5 files is allowed. The reason given "I ended up writing a Perl script" doesn't make sense ; .md5 files come in many forms but the algorithm to verify is the same for all of them (there are no 'variations.') : verify (checksum md5, .md5-file fff) : -- tmp = lowercase cat fff -- md5 = lowercase cat md5 -- squeeze non-hex ([^a-f0-9]) out of tmp (and md5) -- match md5 ~ tmp HPP ------------------------------------------------------------ _ Henk P. Penning, ICT-beta R Uithof WISK-412 _/ \_ Faculty of Science, Utrecht University T +31 30 253 4106 / \_/ \ Budapestlaan 6, 3584CD Utrecht, NL F +31 30 253 4553 \_/ \_/ http://www.staff.science.uu.nl/~penni101/ M penning@uu.nl \_/ --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org For additional commands, e-mail: general-help@incubator.apache.org