[doap-interest] Auditing Releases

Stuart A. Yeates syeates at gmail.com
Thu Aug 14 02:33:48 BST 2008

I'd be inclined to do this using a mime-typed label, such as:

<rdf:Description rdf:about="http://example.com/build-product-1.2.3.zip">
    <rdfs:label mime-type="x-sha1-checksum">1234567890ABCDEF</rdfs:label>

There is a "pgp-signature" mime-type already registered, if you are using that.


On Thu, Aug 14, 2008 at 9:34 AM, Robert Burrell Donkin
<robertburrelldonkin at blueyonder.co.uk> wrote:
> one of my interests is auditing open source releases. anditing and
> widely disseminating sums for released artifacts provides defense in
> depth against poisoning at source. for example,
> http://incubator.apache.org/audit/.
> i plan to add some RDFa instrumentation. if possible, i'd like to reuse
> vocabulary. so i wondered whether the DOAP community has any ideas/plans
> to extend it's release information to include checksums etc, or (if not)
> anyone else had any local conventions for this information.
> - robert
> _______________________________________________
> doap-interest mailing list
> doap-interest at lists.gnomehack.com
> http://lists.usefulinc.com/mailman/listinfo/doap-interest

More information about the doap-interest mailing list