[Fedora-packaging] Is md5sum compulsion in review instead sha1sum?

Chris Weyl cweyl at alumni.drew.edu
Wed Oct 14 03:47:39 UTC 2009

On Mon, Oct 12, 2009 at 10:13 PM, Matthias Clasen <mclasen at redhat.com> wrote:
> On Tue, 2009-10-13 at 08:36 +0530, Parag N(पराग़) wrote:
>> Hi all,
>>    I want to know that is there really any compulsion on posting
>> md5sum instead sha1sum?  Review Guidelines said "Reviewers should use
>> md5sum for this task." I have started posting sha1sum for source in
>> package review.
> That part of the review guidelines has always struck me as bizarre.
> After all, wouldn't it seem even better to compare the actual tarballs
> with each other, byte-by-byte, than relying on a checksum ?

Um.  An easily reproducible, cryptographically strong checksum? :)

Chris Weyl
Ex astris, scientia

More information about the Fedora-packaging mailing list