Hi, some days ago darix and I had a small discussion about verifying the integrity of the downloaded packages which are used for local builds. The idea is that we add a checksum for each package to the buildinfo xml so that a client/osc can "easily" check if the downloaded file is corrupted. For instance we could add the hdrmd5 to buildinfo (this would require only a small change in the backend) or alternatively we add the md5 of the whole package to the buildinfo (this would probably require a bigger change in the backend). The advantage of the latter is that it is much easier to verify for the client (but then I don't think there are many clients which deal with the buildinfo at all...). Any opinions?:) Marcus -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org