[gimp] Bug 795720 - Change MD5 sums to SHA512 ones.

[Jehan Pagès <jehanp src gnome org>]

commit 31f5d7dc0452915fd634a0cbcd0952c3599c148a
Author: Jehan <jehan girinstud io>
Date:   Sun May 6 01:16:25 2018 +0200

    Bug 795720 - Change MD5 sums to SHA512 ones.
    
    We should stop using MD5 sums altogether and push forward SHA256/SHA512
    hash sums instead. The website is also being updated to display these in
    favor of the deprecated MD5 sums.
    We are most likely not going to remove previously computed MD5 sums, or
    recompute SHA* hashes for older binaries, but at least we should stop
    doing MD5 sums of any future binary.

 devel-docs/release-howto.txt |   27 +++++++++++++++++----------
 1 files changed, 17 insertions(+), 10 deletions(-)
---
diff --git a/devel-docs/release-howto.txt b/devel-docs/release-howto.txt
index 62e198e..211ded8 100644
--- a/devel-docs/release-howto.txt
+++ b/devel-docs/release-howto.txt
@@ -131,17 +131,22 @@
 
  ( ) Publish dist tarballs:
 
-     [ ] Use md5sum to create a checksum of the tarball (tar.bz2).
+     [ ] Use `sha256sum` and `sha512sum` to create checksums of the
+         tarball (tar.bz2).
 
-     [ ] Upload the tarball (tar.bz2) and the .md5 file to your home
-         directory on pentagon.gnome.org.  Keep a copy of the .md5
-         file around.
+     [ ] Upload the tarball (tar.bz2) to your home directory on
+         pentagon.gnome.org.
 
-     [ ] Copy the tarball and the .md5 file to its final destination
-         in the download area (/srv/ftp/pub/gimp/v2.x). Really use
-         "cp" not "mv" or SELinux will make the uploaded file
-         unreadable to the web server unless some obscure status bit
-         is toggled.
+     [ ] Copy the tarball to its final destination in the download area
+         (/srv/ftp/pub/gimp/v2.x). Really use "cp" not "mv" or SELinux
+         will make the uploaded file unreadable to the web server unless
+         some obscure status bit is toggled.
+
+     [ ] Update the `SHA256SUMS` and `SHA512SUMS` files present in the
+         same download area by adding the computed sha256 and sha512
+         sums.
+         Note: do not add new MD5 sums anymore. They are considered
+         unsafe.
 
      [ ] Update the 0.0_LATEST-IS- file in the corresponding directory
          on the download server.
@@ -157,7 +162,9 @@
      branch.
 
      [ ] Update the file 'GIMP_VERSIONS' adding the version, release
-         date, tarball name and its MD5 hash under "STABLE".
+         date, tarball name and its SHA256 and SHA512 hashes under
+         "STABLE".
+         Note: do not add new MD5 sums in 'GIMP_VERSIONS' as well.
 
      [ ] Create a news items for the release in content/news/