Thread: add sha256 files to releases

add sha256 files to releases

From

Peter Eisentraut

Date:

15 April 2013, 05:57:35

Could we generated sha256 files for the release tarballs, instead of the
md5 files that are currently generated?  The packaging systems that I
surveyed that verify the checksum of the tarball (FreeBSD ports and the
like) don't use md5 anymore, so a sha256 file would be much more useful
for direct verification.  For someone doing manual checking of their
download, it wouldn't make a difference if a different method is used.

We could start doing that either beginning with the 9.3 release series,
or beginning with the next set of minor releases.

Re: add sha256 files to releases

From

Tom Lane

Date:

15 April 2013, 06:24:26

Peter Eisentraut <peter_e@gmx.net> writes:
> Could we generated sha256 files for the release tarballs, instead of the
> md5 files that are currently generated?  The packaging systems that I
> surveyed that verify the checksum of the tarball (FreeBSD ports and the
> like) don't use md5 anymore, so a sha256 file would be much more useful
> for direct verification.  For someone doing manual checking of their
> download, it wouldn't make a difference if a different method is used.

md5 is still handy for Fedora/RHEL purposes --- not so much for
verification, as for a crosscheck that the upload into their lookaside
cache happened correctly (the lookaside cache is indexed by md5).

I have no objection to generating sha256 checksums in addition to the
md5 ones, though.
        regards, tom lane