[uf-discuss] Proposal for MD5/SHA-1 hash microformat

anthony l. bryan albryan at comcast.net
Mon Jan 30 21:05:57 PST 2006 

Hello everyone,

I've been following the discussions for a few days & just wanted to say hi.
You guys are doing some interesting cool stuff.

I'd like to propose a simple format that I would find useful. I'm new at
this, so please correct my errors!

Basically, checksums (MD5 & SHA-1 hashes) are offered for software
releases/files to prove they haven't been tampered with. 

No average people use them. I think its safe to say only technical people
do, and probably not as often as they should/could. What I think a
microformat could do is make it easier to automatically use them and verify
files. If you aren't familiar, check out
http://download.openoffice.org/2.0.1/md5sums.html and
http://www.openoffice.org/dev_docs/using_md5sums.html .

Here's a few examples of what they might look like. I'm not familiar w/
"rel" but I see you guys use it quite a bit. If it's ok to create a new
element, I would say "hash" or "checksum" would be better. I believe MD5 is
32 characters and SHA-1 is 40, so you should be able to tell the difference
by length.

<a
href="http://mirrors.isc.org/pub/openoffice/stable/2.0.1/OOo_2.0.1_LinuxInte
l_install.tar.gz" rel="md5:e0d123e5f316bef78bfdf5a008837577">OpenOffice.org
2.0.1 for Linux</a>

(use sha-1:xxxxxx for sha-1 etc)

<a
href="http://mirrors.isc.org/pub/openoffice/stable/2.0.1/OOo_2.0.1_LinuxInte
l_install.tar.gz" hash="e0d123e5f316bef78bfdf5a008837577">OpenOffice.org
2.0.1 for Linux</a>

<a
href="http://mirrors.isc.org/pub/openoffice/stable/2.0.1/OOo_2.0.1_LinuxInte
l_install.tar.gz" checksum="e0d123e5f316bef78bfdf5a008837577">OpenOffice.org
2.0.1 for Linux</a>

Anyways, you get the idea. A browser/extension/plugin/download manager could
easily read this, then verify if the file is good (actually, just alert them
if its bad would probably be easier).

Another nice thing about the checksum is that it references a specific file.
Some installation files don't contain a version number in them, so they all
have the same filename (iTunes 5, 6, 6.0.1, 6.0.2 wer all called
iTunesSetup.exe, all versions of Skype are SkypeSetup.exe, or documents,
etc) so you could reference a specific version of a file & maybe find it
with a search engine that stores hashes.

ant

More information about the microformats-discuss mailing list