[Haskell-cafe] GHC 7.6.3 (and others) hashes
Roman Cheplyaka
roma at ro-che.info
Sat Feb 15 19:27:56 UTC 2014
bzip2 already includes a CRC-32 checksum that should suffice for
non-security purposes.
* Kyle Marek-Spartz <kyle.marek.spartz at gmail.com> [2014-02-15 10:20:45-0600]
> It is also useful for non-security reasons, e.g. data corruption due to a poor network connection or bad file system.
>
> --
> Kyle Marek-Spartz
>
> On February 15, 2014 at 9:41:55 AM, Roman Cheplyaka (roma at ro-che.info) wrote:
> >
> > * Peter Simons [2014-02-15 16:10:55+0100]
> > > Hi Roman,
> > >
> > > > I suppose that SHA hashes are meaningless unless they are PGP-signed
> > > > by, say, Austin?
> > >
> > > well, there are shades of gray. Technically speaking, even PGP-signatures
> > > are meaningless unless you've personally verified the fingerprint of the
> > > PGP-key that signed the release with the owner of the key. If you didn't do
> > > that, you cannot trust the key, and hence its signature doesn't mean
> > > anything.
> >
> > Obviously. But PGP has at least some value (it's useful for those who
> > trust the key), while just an SHA sum... I don't know.
> >
> > Also, a PGP signature is itself a signed hash, so there's hardly any
> > "security" reason to prefer plain SHA to PGP.
> >
> > > In practice, however, a valid PGP-signature *does* add some security. It's
> > > not 100% secure, but it's certainly better than no signature at all.
> > >
> > > The same applies to publishing hashes. A published hash is no guarantee that
> > > the binary is authentic, but having one is certainly better than *not*
> > > having one. Right?
> >
> > In that case, SHA256 of https://www.haskell.org/ghc/dist/7.6.3/ghc-7.6.3-i386-unknown-linux.tar.bz2
> > is eb9bd2ca86c72c7f2ba9f2301e2ae04c44aa4828cf1180548619aa4c040a7ff0.
> > HTH.
> >
> > Roman
>
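The distinction drawn in this thread, as an added example that is not part of the original messages: bzip2's embedded CRC-32 catches accidental corruption, but a replaced archive carries its own valid CRC, so only a digest obtained over a trusted channel tells the two apart. The sample archives and `TRUSTED_SHA256` are constructed for the illustration; in practice the trusted digest would come from a signed announcement or another authenticated source.

```python
import bz2
import hashlib
import hmac


def bzip2_crc_ok(blob: bytes) -> bool:
    """True if the bzip2 stream decodes and its embedded CRC-32 values match."""
    try:
        bz2.decompress(blob)
        return True
    except (OSError, ValueError, EOFError):
        # OSError: invalid data or CRC mismatch; ValueError/EOFError: truncated stream
        return False


def sha256_matches(blob: bytes, trusted_hex: str) -> bool:
    """Compare the archive's SHA-256 with a digest obtained over a trusted channel."""
    actual = hashlib.sha256(blob).hexdigest()
    return hmac.compare_digest(actual, trusted_hex.strip().lower())


def check(blob: bytes, trusted_hex: str) -> dict:
    return {"bzip2_crc": bzip2_crc_ok(blob), "sha256": sha256_matches(blob, trusted_hex)}


def flip_bit(blob: bytes, index: int) -> bytes:
    out = bytearray(blob)
    out[index] ^= 0x01
    return bytes(out)


# Constructed sample data (not a real GHC release).
RELEASE = bz2.compress(b"constructed release payload\n" * 64)
# Assumption: stands in for a digest the user received out of band.
TRUSTED_SHA256 = hashlib.sha256(RELEASE).hexdigest()

# Accidental corruption: byte 10 is the first byte of the first block's stored
# CRC-32 (after the 4-byte "BZh9" header and the 6-byte block magic).
CORRUPTED = flip_bit(RELEASE, 10)
# A different payload compressed normally: its embedded CRC is self-consistent.
SUBSTITUTED = bz2.compress(b"constructed replacement payload\n" * 64)

if __name__ == "__main__":
    for name, blob in [("release", RELEASE), ("corrupted", CORRUPTED),
                       ("substituted", SUBSTITUTED)]:
        print(name, check(blob, TRUSTED_SHA256))
```
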