[fpc-pascal] FPC 3.0.4 released!

Tomas Hajny XHajT03 at hajny.biz
Thu Nov 30 23:26:31 CET 2017


On Thu, November 30, 2017 22:46, Graeme Geldenhuys wrote:
> On 2017-11-30 14:47, Tomas Hajny wrote:
>> Sourceforge provides HTTPS access, that should be safe enough. Apart
>> from
>> that - no, checksums are not being created as part of the release
>> process
>> at the moment.
>>
>> Tomas
>
> That really should be fixed. As someone that has many many releases is
> my years, in is hardly any effort creating such checksums - and can be
> easily scripted.

Checksums may indeed be created / calculated rather easily. However, that
is not enough. The checksums must get to the end user in secured way as
well, otherwise it makes no sense. What is the appropriate mechanism for
that from your point of view? Just listing on our WWW pages (since these
may be accessed via HTTPS to avoid modification on the way) and copying
the checksum to the WWW pages with links (somewhat time-consuming,
unfortunately, due to many download pages and many files - I guess that we
may provide you with a possibility to do this for the next release if you
like ;-) )? Or having a signed (how - which trusted signature source?)
checksum file accompanying each and every released file (cluttering the
release directories considerably)? Or?

Tomas





More information about the fpc-pascal mailing list