[Buildroot] [PATCH 4/4] popt: add hash file
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Tue Jul 7 14:53:15 UTC 2015
Dear Gustavo Zacarias,
On Tue, 07 Jul 2015 11:34:35 -0300, Gustavo Zacarias wrote:
> Yes, very subjective though.
> Right now we're fetching from a mirror and that's where the md5 comes from.
> Proper upstream is back but never provided a md5 or sig for the latest
> releases, so that md5 isn't "original".
> I based my calculation on a locally cached popt tarball that predates
> the source change BTW.
> And to be honest hashes that aren't backed by announcements (archived on
> mailing lists that are on separate infra, hence harder to tamper with)
> are worth almost nothing.
Though our policy so far is to have the upstream hash when available,
and if it's too weak complement it with a locally calculated stronger
hash.
Thanks,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
More information about the buildroot
mailing list