You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With `shasum` for Unix checksums, they look like:
407860b1605577700750b92f464068fdaa65ff5ecb7fabcd5a9ba8dac7156149 gitoxide-max-pure-v0.38.0-alpha.2-DO-NOT-USE-x86_64-unknown-linux-musl.tar.gz
With `certutil` for Windows checksums, they looked like:
SHA256 hash of gitoxide-max-pure-v0.38.0-alpha.2-DO-NOT-USE-x86_64-pc-windows-msvc.zip:
870a157307d8674f981278afa2161973d65a4c6956fc2810cdc901886a41da12
CertUtil: -hashfile command completed successfully.
Unlike `shasum`, the `certutil` command does not verify checksums,
it only generates them. As far as I know, there are no common tools
that require the format to be as `certutil` outputs it. In
contrast, tools commonly expect the format `shasum` outputs.
Furthermore, the Git Bash environment from Git for Windows includes
`shasum`, which means it is present:
- On GitHub Actions runners for Windows (as for other platforms).
- On the computers of most Windows users in gitoxide's user base.
Even if someone does not have `shasum` or another tool that will
automatically verify checksums from this format, they would at
worst need to verify it manually, which I believe is typically
already the case when examining output from `certutil` in the above
format. Furthermore, we have not published checksums before, so for
gitoxide no one is relying on checksums being published that way.
0 commit comments