Posted to users@qpid.apache.org by Robbie Gemmell <ro...@gmail.com> on 2017/08/31 14:40:47 UTC

Re: [DISCUSS] release checksum filename extension

To follow up on this again, the policy was recently updated to require
that the checksum extensions relate to their content, i.e. for a
SHA-512 checksum we must now use .sha512.

I've made the change for the proton-j bits I just opened for vote.
When that's getting posted to the site, I'm toying with copying the
.sha checksum files on the other current releases and just updating
the site for all of them at the same time to save doing them
individually later.

As an aside, I have updated OS recently and still don't have a general
shasum program, just sha512sum etc. There looks to be a perl extension
that provides a general version, it could be that which was being
referenced below, but it doesn't seem to be a default thing so I like
the change to use .sha512.

Robbie

On 7 March 2017 at 23:24, Robbie Gemmell <ro...@gmail.com> wrote:
> That's probably where the key difference lies - I don't have the general
> shasum, only specific sha[1|224|256|384|512]sum variants that do
> complain when given the 'wrong' thing. I'm long overdue an update to
> an up to date OS so that probably explains that. It makes sense they
> should be able to look at what's there and attempt to verify as seems
> appropriate.
>
> My suggestion to change wasn't really to say that there is an implied
> particular choice for .sha, just that given we are changing things we
> should make them consistent with the distribution policy and each other
> while doing so.
>
> On 7 March 2017 at 23:04, Justin Ross <ju...@gmail.com> wrote:
>> I will change the qpid-python .sha file to SHA-512.  And I wouldn't have
>> objected to using .sha512 if Robbie had felt like going against the grain.
>>
>> FWIW, before I made the change to SHA-256 and .sha, I tested that Fedora's
>> 'shasum' does not require extra options to check such files.  It seems to
>> figure it out on its own.  In some cursory poking around, I haven't found
>> anything that says .sha indicates any particular SHA hash function.
>>
>> On Tue, Mar 7, 2017 at 10:19 AM, Robbie Gemmell <ro...@gmail.com>
>> wrote:
>>
>>> ;)
>>>
>>> I decided to go with the guideline and created a SHA512 file with .sha
>>> extension. We can make it clear on the website that it's SHA512. Folks
>>> doing it blind will just have to try it, or look at the content to
>>> figure it out.
>>>
>>> Given the name is 'correct', I'd probably regenerate the qpid-python
>>> checksum using SHA512. We could also just leave it alone this time
>>> since it only says you SHOULD use SHA512.
>>>
>>> On 7 March 2017 at 18:05, Rob Godfrey <ro...@gmail.com> wrote:
>>> > To be fair that page says nothing about how to name SHA256 checksums :-),
>>> > only that we SHOULD be creating SHA512 checksums named .sha.
>>> >
>>> > So, I'm +1 on naming the SHA256 .sha256 ... and it seems like the Python
>>> > release really shouldn't name a SHA256 file .sha as by the above that
>>> > extension should be reserved for SHA512.
>>> >
>>> > -- Rob
>>> >
>>> > On 7 March 2017 at 18:34, Timothy Bish <ta...@gmail.com> wrote:
>>> >
>>> >> On 03/07/2017 12:23 PM, Robbie Gemmell wrote:
>>> >>
>>> >>> According to http://www.apache.org/dev/release-distribution.html#sigs-and-sums
>>> >>> .sha is actually required:
>>> >>>
>>> >>> "An SHA checksum SHOULD also be created and MUST be suffixed .sha. The
>>> >>> checksum SHOULD be generated using SHA512."
>>> >>>
>>> >>> I find the extension a little unhelpful personally, but ok.. :)
>>> >>>
>>> >>
>>> >> I would have voted for .sha256 for clarity
>>> >>
>>> >>
>>> >>> Robbie
>>> >>>
>>> >>> On 7 March 2017 at 17:11, Robbie Gemmell <ro...@gmail.com>
>>> >>> wrote:
>>> >>>
>>> >>>> Hi folks,
>>> >>>>
>>> >>>> I noted in the qpid-python-1.36.0 vote thread that the .sha file
>>> >>>> contained a sha256 checksum, this being in place of the historic .sha1
>>> >>>> checksum file.
>>> >>>>
>>> >>>> I'm curious what people think about the name relative to the contents?
>>> >>>> I think .sha256 might be friendlier so that people know how to try and
>>> >>>> verify it implicitly from its name?
>>> >>>>
>>> >>>> I mainly ask as I think I'll include one for the proton-j-0.18.0
>>> >>>> release I'm about to cut, and am trying to settle on a name for it.
>>> >>>>
>>> >>>> Robbie
>>> >>>>
>>> >>> ---------------------------------------------------------------------
>>> >>> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
>>> >>> For additional commands, e-mail: users-help@qpid.apache.org
>>> >>>
>>> >>>
>>> >>>
>>> >>
>>> >> --
>>> >> Tim Bish
>>> >> twitter: @tabish121
>>> >> blog: http://timbish.blogspot.com/
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>>
>>>
>>>

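The naming question in this thread, shown as an added example (not code from any poster or from the Qpid project): a verifier that takes the algorithm from a specific extension such as .sha512, rejects a file whose content does not match its extension, and falls back to guessing from the digest length only for the ambiguous .sha name. The artifact name and sample bytes are constructed, and the length guess assumes the digest is SHA-1 or SHA-2.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Extensions that name their algorithm, as the updated policy requires.
EXT_ALGO = {".sha1": "sha1", ".sha256": "sha256", ".sha512": "sha512"}
# Hex length -> SHA-1/SHA-2 algorithm: a heuristic, used only for legacy ".sha".
LEN_ALGO = {40: "sha1", 56: "sha224", 64: "sha256", 96: "sha384", 128: "sha512"}

def read_digest(checksum_path):
    """Return the first hex digest in the file (bare, or '<digest>  <name>')."""
    match = re.search(r"\b[0-9a-fA-F]{40,128}\b", Path(checksum_path).read_text())
    if not match:
        raise ValueError(f"no hex digest found in {checksum_path}")
    return match.group(0).lower()

def pick_algorithm(checksum_path, digest):
    """Use the extension's algorithm; infer from digest length only for '.sha'."""
    ext = Path(checksum_path).suffix.lower()
    by_length = LEN_ALGO.get(len(digest))
    named = EXT_ALGO.get(ext, by_length if ext == ".sha" else None)
    if named is None or named != by_length:
        raise ValueError(f"{ext!r} does not match a {len(digest)}-character digest")
    return named

def verify(artifact_path, checksum_path):
    """Return (algorithm, matched) for an artifact and its checksum file."""
    expected = read_digest(checksum_path)
    algo = pick_algorithm(checksum_path, expected)
    h = hashlib.new(algo)
    with open(artifact_path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return algo, h.hexdigest() == expected

def demo():
    """Constructed sample: a legacy .sha holding SHA-256, and a .sha512 file."""
    art = Path(tempfile.mkdtemp()) / "example-1.0.tar.gz"  # hypothetical artifact
    art.write_bytes(b"constructed release bytes")
    results = {}
    for ext, algo in ((".sha", "sha256"), (".sha512", "sha512")):
        sums = Path(str(art) + ext)
        sums.write_text(f"{hashlib.new(algo, art.read_bytes()).hexdigest()}  {art.name}\n")
        results[ext] = verify(art, sums)
    return results

if __name__ == "__main__":
    print(demo())
```

With a .sha file the verifier can only report which algorithm it guessed; with .sha512 a mismatch between name and content is an error rather than a silent retry.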