On 17.03.2021 18:53, Benjamin Peterson wrote:
On Wed, Mar 17, 2021, at 09:29, Victor Stinner wrote:
On Tue, Mar 16, 2021 at 9:16 PM Gregory P. Smith <greg@krypto.org> wrote:
The benefit of listing the sha256 for files is that it prevents this question coming up again and again because md5 is old and rightfully on the "never use" list for many people. Even if there are situations where it is fine as an effective improvement over a CRC.
Would it be possible to provide multiple hashes, like MD5 *and* SHA256 (and maybe also SHA512)? Or is there a practical problem to list multiple hashes on a web page?
How about zero hashes?
IMO, it would be better to put SHA256SUM files into the download folder of each release (these could be cron generated to not make the release process more difficult), e.g.
https://www.python.org/ftp/python/3.9.2/
These files would then contain all hashes for all files in a directory and together with the sha256sum command provide a nice interface for checking any downloads.
https://linux.die.net/man/1/sha256sum
That said, most of the file formats used for release files already include checks against file corruption. On the plus side, you don't have to run e.g. an .exe to find out.
-- Marc-Andre Lemburg eGenix.com
Professional Python Services directly from the Experts (#1, Mar 17 2021)
Python Projects, Coaching and Support ... https://www.egenix.com/ Python Product Development ... https://consulting.egenix.com/
::: We implement business ideas - efficiently in both time and costs :::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 https://www.egenix.com/company/contact/ https://www.malemburg.com/