Bruno Haible via Gnulib discussion list <bug-gnulib@gnu.org> writes: > The 'announce-gen' script shows SHA256 sums in a way that are hard to verify > and understand for the users: > - Verifying requires a special command that is not easy to remember. > - Verifying requires special tools that do not exist on all systems.
That seems true for any tool, which is why the announcement includes a explanation on how to use the tools and how to find them. Isn't 'cksum' the standard and (ought to be) more commonly available than 'sha256sum'? > - Understand why one checksum uses hex digits and the other is > base64 ? The user doesn't have to understand this. > AFAICS, it all came about because the original way to present the SHA256 > checksum exceeded the 80-columns line limit. Coreutils has used base64 SHA256 checksums in announcements for a long time and this has led to many other projects following this pattern. OpenSSH uses this format, so it is not all GNU. I think we should encourage use of base64 SHA256 checksums rather than reversing this decision. I think we should encourage people to use 'cksum' rather than 'sha256sum' since the latter is a bad pattern that leads to an explosion of tools when new hash algorithms are introduced. /Simon
signature.asc
Description: PGP signature
