On 13/06/18 09:18, Even Rouault wrote:
The checksum is more intended to check that there wasn't an accidental corruption in the transportation of the archive (MD5 will remain safe forever for detecting that), rather than an attempt to forge a hostile archive. In which case, we should also sign the checksum...
Or just sign the tarballs. :-)

Ben
_______________________________________________
gdal-dev mailing list
[email protected]
https://lists.osgeo.org/mailman/listinfo/gdal-dev
