SHA-1 and SHA-256 might be what folks are more used to checking against.
The more encrypted traffic the better, was my thinking.
I guess I was thinking if the concern is the distribution has been
compromised by attackers they could produce a bogus hash file, but not
a GPG signature (at least hopefully not one signed by me).
BTW, how did you compress the tar file? I was checking to see if it
could be made smaller, out of curiosity, and gzip 1.8-2 here could only
make the tar file bigger regardless of the -{1..9} option.
Well, I just did a "make dist", which as I read it just invokes "gzip"
without any additional options (but it does set the GZIP variable, which
sets --best). The gzip I used claims to be:
% gzip --version
Apple gzip 264.50.1
--Ken
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers