From NWChem
You are viewing a single post from the thread title above
|
|
|
|
| 1:54:12 AM - Fri, Sep 23rd 2011 |
|
Thank you for the checksum (it does match what I have on my system).
I guess my main motivation is less the risk of an accidentally corrupted download, but rather the risk of a malicious man-in-the-middle attack (which is, admittedly, quite unlikely). If I am going to install software on my system, I like to know that it is the same software that the "upstream" is actually distributing, so that the only security risk I incur is that of trusting the upstream to not be malicious. On Debian/Ubuntu/Fedora/RHEL, installed packages are signed and the signature is verified by the package manager; checksums are a cheap alternative that is almost as effective.
Quote: Sep 23rd 12:27 amWe can post a SHA256 checksum for you if needed. Most of the open-source (non-industry) research codes just post source and binary and generally do not list a checksum.
It sounds like you are concerned your download did not go through properly. Can you elaborate.
Bert
Quote: Sep 22nd 8:22 pmIs any developer interested in posting a checksum (e.g. SHA256) of the Nwchem-6.0.tar.gz?
This is something of an industry standard for open-source software, and helps ensure that the tarball as downloaded is the intended set of bits. |
|
|
AWC's:
2.5.10 MediaWiki - Stand Alone Forum Extension
Forum theme style by: AWC
