On Mon, Oct 12, 2009 at 10:13 PM, Matthias Clasen <mclasen(a)redhat.com> wrote:
On Tue, 2009-10-13 at 08:36 +0530, Parag N(पराग़) wrote:
> Hi all,
> I want to know that is there really any compulsion on posting
> md5sum instead sha1sum? Review Guidelines said "Reviewers should use
> md5sum for this task." I have started posting sha1sum for source in
> package review.
That part of the review guidelines has always struck me as bizarre.
After all, wouldn't it seem even better to compare the actual tarballs
with each other, byte-by-byte, than relying on a checksum ?
Um. An easily reproducible, cryptographically strong checksum? :)
-Chris
--
Chris Weyl
Ex astris, scientia