Bug#932943: Missing SHA512 and gpg signature

To: 932943@bugs.debian.org
Subject: Bug#932943: Missing SHA512 and gpg signature
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Mon, 5 Aug 2019 13:33:26 +0000
Message-id: <[🔎] 20190805133325.fsuvxkghsx7fwljm@yuggoth.org>
Reply-to: Jeremy Stanley <fungi@yuggoth.org>, 932943@bugs.debian.org
In-reply-to: <[🔎] 20190805094134.moxgmtydeuf6lgfc@shell.thinkmo.de>
References: <156400920483.19211.18056079851593158031.reportbug@buzig2.debian.org> <156400920483.19211.18056079851593158031.reportbug@buzig2.debian.org> <[🔎] 944c22ae-a143-828b-8a47-9569f24bd848@debian.org> <156400920483.19211.18056079851593158031.reportbug@buzig2.debian.org> <[🔎] 20190804162930.yr4we3rgr2tp2w3x@shell.thinkmo.de> <156400920483.19211.18056079851593158031.reportbug@buzig2.debian.org> <[🔎] f179f5b0-26ce-0123-0f85-444f7050e20b@debian.org> <156400920483.19211.18056079851593158031.reportbug@buzig2.debian.org> <[🔎] 20190805094134.moxgmtydeuf6lgfc@shell.thinkmo.de> <156400920483.19211.18056079851593158031.reportbug@buzig2.debian.org>

On 2019-08-05 11:41:34 +0200 (+0200), Bastian Blank wrote:
> On Sun, Aug 04, 2019 at 10:05:32PM +0100, Chris Boot wrote:
> > On 04/08/2019 17:29, Bastian Blank wrote:
[...]
> > > No, don't.  Use base64 like everyone else.
> > 
> > I strongly disagree with this. Practically everyone else uses
> > hexadecimal for plain checksums. A GPG signature is its own
> > thing but is (generally) plaintext (I'm assuming clearsign).
> > This is what we (as in the project) use for the archive and for
> > ISOs.
> 
> Everything current switches to base64. It's shorter and easier to
> see changes. Hex only survives where people tend to read it.

You mentioned Kubernetes (which I haven't really used so have yet to
notice), but who else's "current" software encodes checksums in
base64 besides the Kubernetes ecosystem? I'm honestly curious as I
still only ever see checksums in hexidecimal notation. The
sha512sum(1) manpage makes no mention of having support for
verifying base64-encoded checksums, for example.

There's something to be said for sticking with traditional
standards; newer is not always better.
-- 
Jeremy Stanley

Reply to:

Follow-Ups:
- Re: Bug#932943: Missing SHA512 and gpg signature
  - From: Bastian Blank <waldi@debian.org>

References:
- Bug#932943: Missing SHA512 and gpg signature
  - From: Chris Boot <bootc@debian.org>
- Bug#932943: Missing SHA512 and gpg signature
  - From: Bastian Blank <waldi@debian.org>
- Bug#932943: Missing SHA512 and gpg signature
  - From: Chris Boot <bootc@debian.org>
- Bug#932943: Missing SHA512 and gpg signature
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Bug#932943: Missing SHA512 and gpg signature
Next by Date: Re: Regular meeting of the team
Previous by thread: Bug#932943: Missing SHA512 and gpg signature
Next by thread: Re: Bug#932943: Missing SHA512 and gpg signature
Index(es):
- Date
- Thread