Should we provide md5/sha1/sha256 checksums for stack binaries

[Jan von Löwenstein]

Hi,

actually the topic says it all. Either I missed the checksums to confirm my download was ok, or there are no checksums.

I feel like there should be a way to verify that download was not broken.

Best

Jan

[Emanuel Borsboom]

There are GPG signatures at https://github.com/commercialhaskell/stack/releases (the files with `.asc` extension) that can be used to verify, but we could add `.sha256` files pretty easily as well for future releases.  Can you think of any reason we should _also_ include md5/sha1, or would just sha256 be enough?

--
You received this message because you are subscribed to the Google Groups "haskell-stack" group.
To unsubscribe from this group and stop receiving emails from it, send an email to haskell-stac...@googlegroups.com.
To post to this group, send email to haskel...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/haskell-stack/a99fb41c-bc8a-4abe-9dc7-0542705012c3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Jan von Löwenstein]

Sounds good to me. That was meant as or, not and.