commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: [ALL] Problems with default download page hash types
Date Thu, 15 Aug 2019 14:03:14 GMT
On Thu, 15 Aug 2019 at 14:50, Matt Sicker <boards@gmail.com> wrote:
>
> I know it’s policy, but why exactly do we have to provide checksum files
> when the asc file is a already a checksum (and most likely based on SHA256
> or 512 anyways)?

I assume because it's harder to validate a sig; the hash is better than nothing.

> On Thu, Aug 15, 2019 at 04:03, sebb <sebbaz@gmail.com> wrote:
>
> > I have had to fix several download pages recently because they
> > referred to sha512 instead of sha256.
> >
> > Please would RMs double-check that the pom has the correct setting and
> > that the generated download_xyz.xml file corresponds with the file
> > names?
> >
> > In future, I think the hash setting should *always* be specified in
> > the pom, rather than relying on a default (*)
> > How does one know whether the setting is missing by accident or design?
> > (It does not help that the default has been changed twice fairly recently)
> >
> >
> > Sebb.
> > (*) IMO built-in defaults should only be used for values that are
> > almost always correct, i.e. where it is unusual to see a different
> > value. Defaults should never be changed.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > For additional commands, e-mail: dev-help@commons.apache.org
> >
> > --
> Matt Sicker <boards@gmail.com>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message