On Tue, Dec 09, 2008 at 04:30:36PM -0500, Micah Anderson wrote: > James Turnbull <[EMAIL PROTECTED]> writes: > > > The MD5 hash for the file is here: > > > > http://reductivelabs.com/downloads/puppet/puppet-0.24.7rc2.tgz.md5 > > As the one who requested this[0], I'm happy that this is being > provided, thanks! This is significantly better than most projects out > there already. However, I do think that it could be one step better. The > point of providing a md5sum (or even a sha1 sum) of a release tarball is > so that those of us downloading it can verify that the sums match > locally with what you have provided. This gives us some integrity > checking to know that the tarball hasn't been tampered with in transit > (over HTTP that is certainly possible).
This also struck me as being useful, but "not quite there yet", because
it would have been enough to just paste the checksum in the email since
James PGP-signed his email too... ;)
A.
--
Information is not knowledge
Knowledge is not wisdom
Wisdom is not truth
- Frank Zappa
signature.asc
Description: Digital signature
