Peter Eisentraut <peter_e@gmx.net> writes:
> Could we generated sha256 files for the release tarballs, instead of the
> md5 files that are currently generated? The packaging systems that I
> surveyed that verify the checksum of the tarball (FreeBSD ports and the
> like) don't use md5 anymore, so a sha256 file would be much more useful
> for direct verification. For someone doing manual checking of their
> download, it wouldn't make a difference if a different method is used.
md5 is still handy for Fedora/RHEL purposes --- not so much for
verification, as for a crosscheck that the upload into their lookaside
cache happened correctly (the lookaside cache is indexed by md5).
I have no objection to generating sha256 checksums in addition to the
md5 ones, though.
regards, tom lane