The main review guidelines page [1] specifically requires that one use md5sum to compare packages' tarballs against those from upstream. Is it necessary to require a specific algorithm? If so, should it still be MD5 in this day and age? [1] http://fedoraproject.org/wiki/Packaging:ReviewGuidelines -- packaging mailing list packaging@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/packaging
