[gdal-dev] checksums for source releases
Ben Elliston
ben.elliston at anu.edu.au
Tue Jun 12 16:20:24 PDT 2018
On 13/06/18 09:18, Even Rouault wrote:
> The checksum is more intended to check that there wasn't an accidental
> corruption in the transportation of the archive (MD5 will remain safe forever
> for detecting that), rather than an attempt to forge an hostile archive. In
> which case, we should also sign the checksum...
Or just sign the tarballs. :-)
Ben
More information about the gdal-dev
mailing list