On Thu, Nov 12, 2015 at 8:14 PM, Bastian Blank <wa...@debian.org> wrote:
> While SHA2 is relatively cheep, it still takes a lot of time on the > given image sizes of 30GiB, somewhat between four and six minutes. This does not have to be part of the _build_ process, it can be part of the _publishing_ process. Out of interest: If you run the same build ten times, will you always have the same binary output? > Also I'm not really sure what you want to check with this checksums. The intention is to constrain images as much as possible to be able to tell if they have been tampered with, intentionally or otherwise. If we want to reproduce a certain scenario X time later for whatever reason, checksums help. > The image uploaded to the Azure infrastructure gets modified with an > additional header, so you can't directly compare the checksum. Is it possible to remove the header for checksumming purposes? Does said header enable any direct or indirect modifications? Thanks, RIchard
