Hi!
while reviewing Celix RC I came across a peculiar format
for the SHA/MD5 checksums which I've never seen before:
https://dist.apache.org/repos/dist/dev/incubator/celix/celix-0.0.1-incubating/
Turns out, this is the output of gpg and it seems that
there's no way to ask gpg to verify it (unlike -c for md5sum lets
say). Worse yet, because of the spaces it is not
easy to reconcile the output with the more typical
md5sum one.
And yet we actually explicitly document gpg as one of the
tools: http://www.apache.org/dev/release-signing#md5
So here's the question: are we making it less likely
for folks to actually verify MD5/SHA checksums if
we don't have a consistent format for them?
Thanks,
Roman (hiding from hobgoblins of little minds).
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
