On Sat, 2 Apr 2011 13:35:43 +0200, Björn wrote: > Garrett Holmstrom wrote: > > The main review guidelines page [1] specifically requires that one use > > md5sum to compare packages' tarballs against those from upstream. Is it > > necessary to require a specific algorithm? If so, should it still be > > MD5 in this day and age? The guidelines say "should" not "MUST". An attempt at making clear that the reviewer (and the packager) should actually run some tool to compare the included tarball with upstream's. Else some reviewers would just compare the file name or check that the URL is valid, but not compare any tarballs. sha256sum would be fine, too, of course. > Why use checksums at all when diff works just fine? > > Björn Persson Sure, binary diff (byte-wise comparison I guess) is fine, too. -- packaging mailing list packaging@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/packaging
