Re: [Gegl-developer] babl and gegl: SHA{1, 256}SUMS files not updated



On Mon, Nov 27, 2017 at 7:38 AM, Chris Clayton via gegl-developer-list
<gegl-developer-list gnome org> wrote:
Hi

gegl-0.3.24 and babl-0.1.38 have been released recently, but in neither case have the SHA<n>SUMS files been 
regenerated.

Where possible, I like to verify sources before building and installing on my system. I'm sure I'm not 
alone in this.

For downloads directly from https://download.gimp.org/ - these
checksums provide about as much verification as the bz2 compression
itself, if the download is corrupted the unpacking of the archives
would fail, a malicious attacker that hacked into download.gimp.org
would be able to change both the archive and checksums anyways. These
checksum files are most useful for mirrors when mirroring as well as
manual checking of something downloaded from a mirror against
checksums gotten directly from download.gimp.org; and they've been
updated now.

/pippin


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]