qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Ross <justin.r...@gmail.com>
Subject Re: [DISCUSS] release checksum filename extension
Date Tue, 07 Mar 2017 23:04:44 GMT
I will change the qpid-python .sha file to SHA-512.  And I wouldn't have
objected to using .sha512 if Robbie had felt like going against the grain.

FWIW, before I made the change to SHA-256 and .sha, I tested that Fedora's
'shasum' does not require extra options to check such files.  It seems to
figure it out on its own.  In some cursory poking around, I haven't found
anything that says .sha indicates any particular SHA hash function.

On Tue, Mar 7, 2017 at 10:19 AM, Robbie Gemmell <robbie.gemmell@gmail.com>
wrote:

> ;)
>
> I decided to go with the guideline and created a SHA512 file with .sha
> extension. We can make it clear on the website that its SHA512. Folks
> doing it blind will just have to try it, or look at the content to
> figure it out.
>
> Given the name is 'correct', I'd probably regenerate the qpid-python
> checksum using SHA512. We could also just leave it alone this time
> since it only says you SHOULD use SHA512.
>
> On 7 March 2017 at 18:05, Rob Godfrey <rob.j.godfrey@gmail.com> wrote:
> > To be fair that page says nothing about how to name SHA256 checksums :-),
> > only that we SHOULD be creating SHA512 checksums named .sha.
> >
> > So, I'm +1 on naming the SHA256 .sha256 ... and it seems like the Python
> > release really shouldn't name a SHA256 file .sha as by the above that
> > extension should be reserved for SHA512.
> >
> > -- Rob
> >
> > On 7 March 2017 at 18:34, Timothy Bish <tabish121@gmail.com> wrote:
> >
> >> On 03/07/2017 12:23 PM, Robbie Gemmell wrote:
> >>
> >>> According to http://www.apache.org/dev/release-distribution.html#sigs-
> >>> and-sums
> >>> .sha is actually required:
> >>>
> >>> "An SHA checksum SHOULD also be created and MUST be suffixed .sha. The
> >>> checksum SHOULD be generated using SHA512."
> >>>
> >>> I find the extension a little unhelpful personally, but ok.. :)
> >>>
> >>
> >> I would have voted for .sha256 for clarity
> >>
> >>
> >>> Robbie
> >>>
> >>> On 7 March 2017 at 17:11, Robbie Gemmell <robbie.gemmell@gmail.com>
> >>> wrote:
> >>>
> >>>> Hi folks,
> >>>>
> >>>> I noted in the qpid-python-1.36.0 vote thread that the .sha file
> >>>> contained a sha256 checksum, this being in place of the historic .sha1
> >>>> checksum file.
> >>>>
> >>>> I'm curious what people think about the name relative to the contents?
> >>>> I think .sha256 might be friendlier so that people know how to try and
> >>>> verify it implicitly from its name?
> >>>>
> >>>> I mainly ask as I think I'll include one for the proton-j-0.18.0
> >>>> release im about to cut, and am trying to settle on a name for it.
> >>>>
> >>>> Robbie
> >>>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> >>> For additional commands, e-mail: users-help@qpid.apache.org
> >>>
> >>>
> >>>
> >>
> >> --
> >> Tim Bish
> >> twitter: @tabish121
> >> blog: http://timbish.blogspot.com/
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> >> For additional commands, e-mail: users-help@qpid.apache.org
> >>
> >>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message