Bug#932943: Missing SHA512 and gpg signature
On Sat, Aug 03, 2019 at 03:06:39PM +0100, Chris Boot wrote:
> - Which checksums should we include? Our Apt repos use MD5 and SHA-256,
> and our ISOs use MD5, SHA-1, SHA-256 and SHA-512. I'd be inclined to
> suggest SHA-256 and SHA-512 only, personally.
Only one of them. And I would go directly to SHA3 for new stuff.
> 1. Add labels of the form "checksum.cloud.debian.org/${ALGO}" under
> metadata.labels, for example "checksum.cloud.debian.org/sha256".
Labels are to search for stuff, not describe the content.
> 3. Add a new mapping within the "data" mapping called "checksums" with
> keys for each algorithm, e.g. "data.checksums.sha256".
The usual way would be something like this:
| data:
| verify:
| - name: sha3_256
| content: ABC=
| - name: gpg
| content: AAA=
> In each case I expect the values to be hex strings, effectively the same
> as the first column of the output from sha1sum, sha256sum, sha512sum,
> etc... from coreutils.
No, don't. Use base64 like everyone else.
Bastian
--
A father doesn't destroy his children.
-- Lt. Carolyn Palamas, "Who Mourns for Adonais?",
stardate 3468.1.
Reply to: