Discussion: add sha256 files to releases


add sha256 files to releases

Peter Eisentraut
Could we generate sha256 files for the release tarballs, instead of the
md5 files that are currently generated?  The packaging systems that I
surveyed that verify the checksum of the tarball (FreeBSD ports and the
like) don't use md5 anymore, so a sha256 file would be much more useful
for direct verification.  For someone doing manual checking of their
download, it wouldn't make a difference if a different method is used.

We could start doing that either beginning with the 9.3 release series,
or beginning with the next set of minor releases.

Re: add sha256 files to releases

Tom Lane
Peter Eisentraut <peter_e@gmx.net> writes:
> Could we generate sha256 files for the release tarballs, instead of the
> md5 files that are currently generated?  The packaging systems that I
> surveyed that verify the checksum of the tarball (FreeBSD ports and the
> like) don't use md5 anymore, so a sha256 file would be much more useful
> for direct verification.  For someone doing manual checking of their
> download, it wouldn't make a difference if a different method is used.

md5 is still handy for Fedora/RHEL purposes --- not so much for
verification, as for a crosscheck that the upload into their lookaside
cache happened correctly (the lookaside cache is indexed by md5).

I have no objection to generating sha256 checksums in addition to the
md5 ones, though.
        regards, tom lane