qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robbie Gemmell <robbie.gemm...@gmail.com>
Subject Re: [DISCUSS] release checksum filename extension
Date Tue, 07 Mar 2017 23:24:46 GMT
Thats probably where the key difference lies - I dont have the general
shasum, only specific sha[1|224|256|384|512]sum variants that do
complain when given the 'wrong' thing. I'm long overdue an update to
an up to date OS so that probably explains that. It makes sense they
should be able to look at whats there and attempt to verify as seems
appropriate.

My suggestion to change wasnt really to say that there is an implied
particular choice for .sha, just that given we are changing things we
should make them consistent the distribution policy and each other
while doing so.

On 7 March 2017 at 23:04, Justin Ross <justin.ross@gmail.com> wrote:
> I will change the qpid-python .sha file to SHA-512.  And I wouldn't have
> objected to using .sha512 if Robbie had felt like going against the grain.
>
> FWIW, before I made the change to SHA-256 and .sha, I tested that Fedora's
> 'shasum' does not require extra options to check such files.  It seems to
> figure it out on its own.  In some cursory poking around, I haven't found
> anything that says .sha indicates any particular SHA hash function.
>
> On Tue, Mar 7, 2017 at 10:19 AM, Robbie Gemmell <robbie.gemmell@gmail.com>
> wrote:
>
>> ;)
>>
>> I decided to go with the guideline and created a SHA512 file with .sha
>> extension. We can make it clear on the website that its SHA512. Folks
>> doing it blind will just have to try it, or look at the content to
>> figure it out.
>>
>> Given the name is 'correct', I'd probably regenerate the qpid-python
>> checksum using SHA512. We could also just leave it alone this time
>> since it only says you SHOULD use SHA512.
>>
>> On 7 March 2017 at 18:05, Rob Godfrey <rob.j.godfrey@gmail.com> wrote:
>> > To be fair that page says nothing about how to name SHA256 checksums :-),
>> > only that we SHOULD be creating SHA512 checksums named .sha.
>> >
>> > So, I'm +1 on naming the SHA256 .sha256 ... and it seems like the Python
>> > release really shouldn't name a SHA256 file .sha as by the above that
>> > extension should be reserved for SHA512.
>> >
>> > -- Rob
>> >
>> > On 7 March 2017 at 18:34, Timothy Bish <tabish121@gmail.com> wrote:
>> >
>> >> On 03/07/2017 12:23 PM, Robbie Gemmell wrote:
>> >>
>> >>> According to http://www.apache.org/dev/release-distribution.html#sigs-
>> >>> and-sums
>> >>> .sha is actually required:
>> >>>
>> >>> "An SHA checksum SHOULD also be created and MUST be suffixed .sha. The
>> >>> checksum SHOULD be generated using SHA512."
>> >>>
>> >>> I find the extension a little unhelpful personally, but ok.. :)
>> >>>
>> >>
>> >> I would have voted for .sha256 for clarity
>> >>
>> >>
>> >>> Robbie
>> >>>
>> >>> On 7 March 2017 at 17:11, Robbie Gemmell <robbie.gemmell@gmail.com>
>> >>> wrote:
>> >>>
>> >>>> Hi folks,
>> >>>>
>> >>>> I noted in the qpid-python-1.36.0 vote thread that the .sha file
>> >>>> contained a sha256 checksum, this being in place of the historic
.sha1
>> >>>> checksum file.
>> >>>>
>> >>>> I'm curious what people think about the name relative to the contents?
>> >>>> I think .sha256 might be friendlier so that people know how to try
and
>> >>>> verify it implicitly from its name?
>> >>>>
>> >>>> I mainly ask as I think I'll include one for the proton-j-0.18.0
>> >>>> release im about to cut, and am trying to settle on a name for it.
>> >>>>
>> >>>> Robbie
>> >>>>
>> >>> ---------------------------------------------------------------------
>> >>> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
>> >>> For additional commands, e-mail: users-help@qpid.apache.org
>> >>>
>> >>>
>> >>>
>> >>
>> >> --
>> >> Tim Bish
>> >> twitter: @tabish121
>> >> blog: http://timbish.blogspot.com/
>> >>
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
>> >> For additional commands, e-mail: users-help@qpid.apache.org
>> >>
>> >>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
>> For additional commands, e-mail: users-help@qpid.apache.org
>>
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message