Does readme.txt.asc need to be updated?

[tuanpham96]

In the file with checksum readme.txt.asc in Releases, it says the hash is SHA512 but the signatures are actually SHA1.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Packages signatures:

91c943395c7e1f9344b81327ee24c0ed3a130629  bins/opensnitch_1.6.1-1_amd64.deb
32c0ce79e4778343c6ee6c6179f161be23528f9b  bins/opensnitch_1.6.1-1_armhf.deb
2ccead43ed89310c7cb73f69294f3088f29b11c4  bins/opensnitch-1.6.1-1.armv7hnl.rpm
...

For example:

$ sha1sum opensnitch_1.6.1-1_amd64.deb 
91c943395c7e1f9344b81327ee24c0ed3a130629  opensnitch_1.6.1-1_amd64.deb
$ sha512sum opensnitch_1.6.1-1_amd64.deb 
6f6618fc880f09c7a5ee2cdd52e1e1077071c6a8b02174bbce7c195a8a1f5763ac649e62bff0fc19f39d3d952e66bea2f72617bc8d5a30f5d830e81e1264f68a  opensnitch_1.6.1-1_amd64.deb

Is that a typo, or maybe I'm misunderstanding what that field refers to?

Thanks!

[gustavo-iniguez-goya]

Hi @tuanpham96 ,

The "packages signatures" are the checksums of the packages, hashed with sha1.

The header Hash: SHA512 refers to the hash used by gpg to sign the file readme.txt.

[tuanpham96]

thank you for the clarification!