[uf-discuss] Proposal for MD5/SHA-1 hash microformat

Charles Iliya Krempeaux supercanadian at gmail.com
Mon Jan 30 21:54:15 PST 2006


Hello Anthony,

As you mentioned, some people do pay attention to checksums and
hashes.  So why not keep it in the open.  How about something like:

    <span class="download">
        <a rel="bookmark" href="...">Download OOo</a>
        <span class="checksum md5">e0d123e5f316bef78bfdf5a008837577</span>
    </span>

Note, with Microformats you can throw a whole bunch of stuff in there
to make it look nice.   (If you're not sure what I mean, I can
explain.) And you could put those "class" attributes on other tags
besides the <span>.


See ya


On 1/30/06, anthony l. bryan <albryan at comcast.net> wrote:
> Hello everyone,
>
> I've been following the discussions for a few days & just wanted to say hi.
> You guys are doing some interesting cool stuff.
>
> I'd like to propose a simple format that I would find useful. I'm new at
> this, so please correct my errors!
>
> Basically, checksums (MD5 & SHA-1 hashes) are offered for software
> releases/files to prove they haven't been tampered with.
>
> No average people use them. I think its safe to say only technical people
> do, and probably not as often as they should/could. What I think a
> microformat could do is make it easier to automatically use them and verify
> files. If you aren't familiar, check out
> http://download.openoffice.org/2.0.1/md5sums.html and
> http://www.openoffice.org/dev_docs/using_md5sums.html .
>
> Here's a few examples of what they might look like. I'm not familiar w/
> "rel" but I see you guys use it quite a bit. If it's ok to create a new
> element, I would say "hash" or "checksum" would be better. I believe MD5 is
> 32 characters and SHA-1 is 40, so you should be able to tell the difference
> by length.
>
> <a
> href="http://mirrors.isc.org/pub/openoffice/stable/2.0.1/OOo_2.0.1_LinuxInte
> l_install.tar.gz" rel="md5:e0d123e5f316bef78bfdf5a008837577">OpenOffice.org
> 2.0.1 for Linux</a>
>
> (use sha-1:xxxxxx for sha-1 etc)
>
> <a
> href="http://mirrors.isc.org/pub/openoffice/stable/2.0.1/OOo_2.0.1_LinuxInte
> l_install.tar.gz" hash="e0d123e5f316bef78bfdf5a008837577">OpenOffice.org
> 2.0.1 for Linux</a>
>
> <a
> href="http://mirrors.isc.org/pub/openoffice/stable/2.0.1/OOo_2.0.1_LinuxInte
> l_install.tar.gz" checksum="e0d123e5f316bef78bfdf5a008837577">OpenOffice.org
> 2.0.1 for Linux</a>
>
> Anyways, you get the idea. A browser/extension/plugin/download manager could
> easily read this, then verify if the file is good (actually, just alert them
> if its bad would probably be easier).
>
> Another nice thing about the checksum is that it references a specific file.
> Some installation files don't contain a version number in them, so they all
> have the same filename (iTunes 5, 6, 6.0.1, 6.0.2 wer all called
> iTunesSetup.exe, all versions of Skype are SkypeSetup.exe, or documents,
> etc) so you could reference a specific version of a file & maybe find it
> with a search engine that stores hashes.


--
    Charles Iliya Krempeaux, B.Sc.

    charles @ reptile.ca
    supercanadian @ gmail.com

    developer weblog: http://ChangeLog.ca/


More information about the microformats-discuss mailing list