[Stackless] MD5 checksums for gzipped tarballs?

David E. Sallis David.Sallis at noaa.gov
Fri Nov 2 15:45:50 CET 2007


Many thanks, Christian, Richard and Guy!

 > What is the point of providing md5 sums?

To ensure that files are not compromised in some way during a download, or by being hacked at the download source.

 > Is python.org not treated as a trustable source?

As you can see from my .sig, I work at NOAA, which is part of the U.S. Department of Commerce.   Their IT policy is to Trust No One. 
  Several years ago source code distributions were considered trustworthy (as opposed to binaries) but lately they've tightened 
their policy to require digital signatures for *any* software acquired from an external source.  The other acceptable alternative, 
in the absence of a digital signature, is a minimum of three alternate locations for distributions so that they may be separately 
downloaded and manually compared.

Richard, thank you for generating and posting the MD5s.  That's just what I needed.

yours,
David


-- 
David E. Sallis, Software Architect
General Dynamics Information Technology
NOAA Coastal Data Development Center
Stennis Space Center, Mississippi
228.688.3805
david.sallis at gdit.com
david.sallis at noaa.gov
--------------------------------------------
"Better Living Through Software Engineering"
--------------------------------------------




More information about the Stackless mailing list