[gdal-dev] checksums for source releases

Ben Elliston ben.elliston at anu.edu.au
Tue Jun 12 16:20:24 PDT 2018

Previous message (by thread): [gdal-dev] checksums for source releases
Next message (by thread): [gdal-dev] checksums for source releases
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 13/06/18 09:18, Even Rouault wrote:

> The checksum is more intended to check that there wasn't an accidental
> corruption in the transportation of the archive (MD5 will remain safe forever
> for detecting that), rather than an attempt to forge an hostile archive. In
> which case, we should also sign the checksum...

Or just sign the tarballs. :-)

Ben

Previous message (by thread): [gdal-dev] checksums for source releases
Next message (by thread): [gdal-dev] checksums for source releases
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the gdal-dev mailing list