[gdal-dev] checksums for source releases
Even Rouault
even.rouault at spatialys.com
Tue Jun 12 16:18:34 PDT 2018
On mercredi 13 juin 2018 09:02:00 CEST Ben Elliston wrote:
> The source download page:
> https://trac.osgeo.org/gdal/wiki/DownloadSource
>
> .. gives MD5 checksums for the source releases. Starting with 2.3.1, can
> I suggest we start using SHA256 instead of the long-broken MD5?
The checksum is more intended to check that there wasn't an accidental
corruption in the transportation of the archive (MD5 will remain safe forever
for detecting that), rather than an attempt to forge an hostile archive. In
which case, we should also sign the checksum...
Even
--
Spatialys - Geospatial professional services
http://www.spatialys.com
More information about the gdal-dev
mailing list