[Fedora-legal-list] Creating a trusted sha256sum.exe binary for verifying *-CHECKSUM files on Windows
Todd Zullinger
tmz at pobox.com
Sat Dec 19 19:28:29 UTC 2009
Greetings,
Some of you might be aware that the instructions for verifying our
*-CHECKSUM files on Windows have been broken since we moved to SHA256.
Previously, we linked users to a sha1sum.exe built by the GnuPG
project¹. With SHA256, we don't have that ability.
There is an open bug to provide a sha256sum.exe which we can point to
for Windows who don't have any other tools to verify SHA256
checksums².
Packages are ready and referenced in bug 527060³. The idea is to
build these packages in koji, though not for inclusion in any Fedora
release (as the packages are mostly a bit of a hack to build a small
subset of coreutils for Windows).
What I'm wondering about is what do we need to do in order to ensure
GPL compliance here? Knowing that will help me move this forward with
the folks on the infrastructure team.
We discussed this a bit on the infrastructure list⁴ a month back,
though the discussion got off on a few tangents. I'd like to revive
it and I think that having some insight from the legal team will help.
Bruno Wolff III had some interesting questions regarding GPL
compliance and MingW binaries at the end of the infra-list thread⁵.
Thanks for any help and guidance!
¹ http://docs.fedoraproject.org/readme-burning-isos/en_US/sn-validating-files.html
² https://bugzilla.redhat.com/show_bug.cgi?id=527060
³ https://bugzilla.redhat.com/show_bug.cgi?id=527060#c14
⁴ http://www.redhat.com/archives/fedora-infrastructure-list/2009-November/msg00140.html
⁵ http://www.redhat.com/archives/fedora-infrastructure-list/2009-November/msg00158.html
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Politicians are interested in people. Not that this is always a
virtue. Fleas are interested in dogs.
-- P.J. O'Rourke
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-legal-list/attachments/20091219/a287ebc2/attachment.sig>
More information about the Fedora-legal-list
mailing list