[Fedora-packaging] Review guidelines source checksum algorithm
Michael Schwendt
mschwendt at gmail.com
Sat Apr 2 14:58:46 UTC 2011
On Sat, 2 Apr 2011 13:35:43 +0200, Björn wrote:
> Garrett Holmstrom wrote:
> > The main review guidelines page [1] specifically requires that one use
> > md5sum to compare packages' tarballs against those from upstream. Is it
> > necessary to require a specific algorithm? If so, should it still be
> > MD5 in this day and age?
The guidelines say "should" not "MUST". An attempt at making clear that
the reviewer (and the packager) should actually run some tool to compare
the included tarball with upstream's. Else some reviewers would just
compare the file name or check that the URL is valid, but not compare
any tarballs.
sha256sum would be fine, too, of course.
> Why use checksums at all when diff works just fine?
>
> Björn Persson
Sure, binary diff (byte-wise comparison I guess) is fine, too.
More information about the packaging
mailing list