On Sun, Dec 1, 2024 at 6:04 AM Simon Josefsson via Gnulib discussion list <bug-gnulib@gnu.org> wrote: > Bruno Haible via Gnulib discussion list <bug-gnulib@gnu.org> writes: > > > The 'announce-gen' script shows SHA256 sums in a way that are hard to verify > > and understand for the users: > > - Verifying requires a special command that is not easy to remember. > > - Verifying requires special tools that do not exist on all systems. > > That seems true for any tool, which is why the announcement includes a > explanation on how to use the tools and how to find them. > > Isn't 'cksum' the standard and (ought to be) more commonly available > than 'sha256sum'? > > > - Understand why one checksum uses hex digits and the other is > > base64 ? > > The user doesn't have to understand this. > > > AFAICS, it all came about because the original way to present the SHA256 > > checksum exceeded the 80-columns line limit. > > Coreutils has used base64 SHA256 checksums in announcements for a long > time and this has led to many other projects following this pattern. > OpenSSH uses this format, so it is not all GNU. > > I think we should encourage use of base64 SHA256 checksums rather than > reversing this decision. > > I think we should encourage people to use 'cksum' rather than > 'sha256sum' since the latter is a bad pattern that leads to an explosion > of tools when new hash algorithms are introduced.
I too prefer the shorter checksums and would like to encourage the use of the more compact representation by making that the default. Not just to keep line lengths under 80 columns, but just generally to minimize the noise of checksums in announcements.
