From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.50)
	id 1EUCXY-0003Ws-0q
	for garchives@archives.gentoo.org; Tue, 25 Oct 2005 00:19:44 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.5/8.13.5) with SMTP id j9P0HKmj031083;
	Tue, 25 Oct 2005 00:17:20 GMT
Received: from smtp13.wxs.nl (smtp13.wxs.nl [195.121.6.27])
	by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id j9P07Ybw017840
	for <gentoo-user@lists.gentoo.org>; Tue, 25 Oct 2005 00:07:34 GMT
Received: from [10.0.0.150] (ip3e83ab52.speed.planet.nl [62.131.171.82])
 by smtp13.wxs.nl (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004))
 with ESMTP id <0IOW00CR430CP5@smtp13.wxs.nl> for gentoo-user@lists.gentoo.org;
 Tue, 25 Oct 2005 02:07:24 +0200 (CEST)
Date: Tue, 25 Oct 2005 02:07:23 +0200
From: Holly Bostick <motub@planet.nl>
Subject: Re: [gentoo-user] Um...Who can fix this?
In-reply-to: <20051025124728.C767.NICK@rout.co.nz>
To: gentoo-user@lists.gentoo.org
Message-id: <435D773B.70802@planet.nl>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-version: 1.0
Content-type: text/plain; charset=UTF-8
Content-transfer-encoding: 7BIT
X-Accept-Language: nl-NL, nl, en
User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051002)
X-Enigmail-Version: 0.92.0.0
References: <20051025111033.C761.NICK@rout.co.nz>
 <435D6F37.7080908@djnauk.co.uk> <20051025124728.C767.NICK@rout.co.nz>
X-Archives-Salt: 235e7dbb-f519-47f3-b402-25f9cc9da04b
X-Archives-Hash: e212028ecc856241e3f91c3b3909a3be

Nick Rout schreef:
> 
> I agree it is necessary when doing something in your overlay. It
> seems most people who post to bugs.gentoo.org do not post a digest
> file. Perhaps they should.

Sometimes people do, but iirc this is discouraged by the dev team. Don't
know why, but I know if I use an overlay ebuild, the tarball is
downloaded when the digest is made (thus the md5 is taken directly from
the tarball after downloading). I don't really think I'd want to rely on
some unknown person's digest from a download that may not be the same as
mine for whatever reason. At least this way I can confirm the tarball is
from the legitimate source (by watching the wget output), and if
necessary, compare the digest md5 with the md5 on the tarball's homepage
(usually available).

Having a digest from an 'untrusted source' (it's unofficial, after all)
would encourage me to trust sources I shouldn't just trust by default,
and I don't want to get into a bad habit like that.

Holly
-- 
gentoo-user@gentoo.org mailing list