Re: [SCRIPT] Generate SHA256SUM files for the mirror

[Oliver Kiddle <opk@xxxxxxx>]

Clinton Bunch wrote:
> The browser police have gotten very strict and corporate oriented they 
> flag things as phishing or malware very easily nowadays and one of their 
> red flags is an absence of modern chksums  and when they do they put up 

I've added the SHA256SUM files as per your instructions.

Is rather silly given that the MD5 checksums are there to detect
bitflips and corruption rather than any security or malware. I can't
say I've seen any such flags but then I only use firefox or librewolf
and set browser.safebrowsing.enabled to false to stop it contacting
google addresses. Files on the mirrors are GPG signed for the security-
conscious. That may not be the modern approach either these days with
alternatives like sigstore.

I've left the MD5SUM files there too for now. May not be a good idea
to purge them too quickly - perhaps they can go when we've got a new
release to upload.

Etc/creating-a-release.txt makes no mention of updating the MD5SUM
files.

> They also don't like bare apache auto index pages.

Not a lot we can do about the mirrors, not that there are many anymore
(and I've just removed the one that was reported as broken). The primary
site uses nginx rather than apache. The auto index can perhaps be
customised somewhat. That may help if you have suggestions on how to do
it.

Oliver