add sha256 files to releases
Could we generated sha256 files for the release tarballs, instead of the
md5 files that are currently generated? The packaging systems that I
surveyed that verify the checksum of the tarball (FreeBSD ports and the
like) don't use md5 anymore, so a sha256 file would be much more useful
for direct verification. For someone doing manual checking of their
download, it wouldn't make a difference if a different method is used.
We could start doing that either beginning with the 9.3 release series,
or beginning with the next set of minor releases.
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
Peter Eisentraut <peter_e@gmx.net> writes:
Could we generated sha256 files for the release tarballs, instead of the
md5 files that are currently generated? The packaging systems that I
surveyed that verify the checksum of the tarball (FreeBSD ports and the
like) don't use md5 anymore, so a sha256 file would be much more useful
for direct verification. For someone doing manual checking of their
download, it wouldn't make a difference if a different method is used.
md5 is still handy for Fedora/RHEL purposes --- not so much for
verification, as for a crosscheck that the upload into their lookaside
cache happened correctly (the lookaside cache is indexed by md5).
I have no objection to generating sha256 checksums in addition to the
md5 ones, though.
regards, tom lane
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers