[fpc-pascal] FPC 3.0.4 released!

Tomas Hajny XHajT03 at hajny.biz
Sun Dec 3 00:33:04 CET 2017 

On Fri, December 1, 2017 00:55, kardan wrote:
 .
 .
> In your case it would be probably enough to
> sha256sum $FILES > SHA256SUMS.txt
> gpg --sign SHA256SUMS.txt

Sorry, but I'm afraid that you miss the point - adding checksums requires
additional effort from release builders and they are not convinced about
usefulness and/or necessity of this at the moment (especially if a secure
download option is already available and anybody may build the release on
his own from the provided sources to make 100% sure about the
consistency).

Nevertheless, if you consider this a priority, you can try to provide a
complete solution - if the additional effort is negligible, the FPC core
team _may_ consider using this solution for future releases.

While thinking about the solution, take the following into account:

1) Releases for all platforms are not created at the same time (it's often
the case that release builds for less common targets are added later).
This means that the checksums may not be added at once by a single person
(release coordinator) as suggested in one of the posts in this thread.

2) $FILES are scattered across a larger amount of subdirectories on the
master server (obviously, this may be scripted, but someone would still
need to do it).

3) Release builds are being created by various people on different
platforms (*nix, MS Windows, OS/2, etc.) with varying level of automation
(it isn't always that everything is a matter of a single make command
followed by an upload). These platforms may not have the tools mentioned
above, or at least not have them installed by default. Different make
targets are used on different platforms due to differences in the
installation package formats.

4) Releases are available from two groups of servers with different
structure and different maintenance options. One group are SF.net mirrors,
the other are FTP / HTTP mirrors of the FPC repository. You would need to
think where the potential SHA256SUMS.txt file should be stored on both of
these groups (or how else it should be made available).

Tomas

More information about the fpc-pascal mailing list