Note: Due to technical difficulties, the Archives are currently not up to date.
GMANE provides an alternative service for most mailing lists. c.f. bug 424647
Chris White wrote:
> Well, the problem that occurs here is the verification process. With MD5, you
> can hit most upstream sites, and they'll have an MD5SUM avaliable that you
> can authenticate against.
Well if you care enough to verify this, you can easily create an md5sum
of the fetched distfile yourself, and compare that with upstream :)
Of course, if you want to verify digests of random packages without
wanting to actually download and use them, then you would miss MD5 in
the manifest, but how likely is that?
--
Vlastimil Babka (Caster)
Gentoo/Java
--
gentoo-dev@g.o mailing list
|
|
