From NWChem
Viewed 100 times, With a total of 3 Posts
|
|
8:22:41 PM - Thu, Sep 22nd 2011 |
|
Is any developer interested in posting a checksum (e.g. SHA256) of the Nwchem-6.0.tar.gz?
This is something of an industry standard for open-source software, and helps ensure that the tarball as downloaded is the intended set of bits.
|
|
|
|
|
12:27:05 AM - Fri, Sep 23rd 2011 |
|
We can post a SHA256 checksum for you if needed. Most of the open-source (non-industry) research codes just post source and binary and generally do not list a checksum.
It sounds like you are concerned your download did not go through properly. Can you elaborate.
Bert
Quote: Sep 22nd 8:22 pmIs any developer interested in posting a checksum (e.g. SHA256) of the Nwchem-6.0.tar.gz?
This is something of an industry standard for open-source software, and helps ensure that the tarball as downloaded is the intended set of bits.
|
|
|
-
Bert NWChemDeveloper, bureaucrat, sysop
|
|
Gets Around
Threads 1
Posts 173
|
|
12:30:56 AM - Fri, Sep 23rd 2011 |
|
sha256sum Nwchem-6.0.tar.gz
d16e02f91874190e9b01da74e7479bfe4913b70c7f2c53dd7f6ddafd11b79d28 Nwchem-6.0.tar.gz
Bert
Quote: Sep 23rd 12:27 amWe can post a SHA256 checksum for you if needed. Most of the open-source (non-industry) research codes just post source and binary and generally do not list a checksum.
It sounds like you are concerned your download did not go through properly. Can you elaborate.
Bert
Quote: Sep 22nd 8:22 pmIs any developer interested in posting a checksum (e.g. SHA256) of the Nwchem-6.0.tar.gz?
This is something of an industry standard for open-source software, and helps ensure that the tarball as downloaded is the intended set of bits.
|
|
|
|
|
1:54:12 AM - Fri, Sep 23rd 2011 |
|
Thank you for the checksum (it does match what I have on my system).
I guess my main motivation is less the risk of an accidentally corrupted download, but rather the risk of a malicious man-in-the-middle attack (which is, admittedly, quite unlikely). If I am going to install software on my system, I like to know that it is the same software that the "upstream" is actually distributing, so that the only security risk I incur is that of trusting the upstream to not be malicious. On Debian/Ubuntu/Fedora/RHEL, installed packages are signed and the signature is verified by the package manager; checksums are a cheap alternative that is almost as effective.
Quote: Sep 23rd 12:27 amWe can post a SHA256 checksum for you if needed. Most of the open-source (non-industry) research codes just post source and binary and generally do not list a checksum.
It sounds like you are concerned your download did not go through properly. Can you elaborate.
Bert
Quote: Sep 22nd 8:22 pmIs any developer interested in posting a checksum (e.g. SHA256) of the Nwchem-6.0.tar.gz?
This is something of an industry standard for open-source software, and helps ensure that the tarball as downloaded is the intended set of bits.
|
|
|
AWC's:
2.5.10 MediaWiki - Stand Alone Forum Extension
Forum theme style by: AWC