[doap-interest] Auditing Releases
Robert Burrell Donkin
robertburrelldonkin at blueyonder.co.uk
Sat Aug 23 15:24:54 BST 2008
On Thu, 2008-08-14 at 13:33 +1200, Stuart A. Yeates wrote:
> I'd be inclined to do this using a mime-typed label, such as:
>
> <rdf:Description rdf:about="http://example.com/build-product-1.2.3.zip">
> <rdfs:label mime-type="x-sha1-checksum">1234567890ABCDEF</rdfs:label>
> </rdf:Description>
thanks for the reply
i'd be interested to understand the reasoning behind this recommendation. checksums and signatures are different names for the same artifact but i'm not sure that i'd describe them as particularly human readable.
- robert
> There is a "pgp-signature" mime-type already registered, if you are using that.
>
> cheers
> stuart
>
>
> On Thu, Aug 14, 2008 at 9:34 AM, Robert Burrell Donkin
> <robertburrelldonkin at blueyonder.co.uk> wrote:
> > one of my interests is auditing open source releases. anditing and
> > widely disseminating sums for released artifacts provides defense in
> > depth against poisoning at source. for example,
> > http://incubator.apache.org/audit/.
> >
> > i plan to add some RDFa instrumentation. if possible, i'd like to reuse
> > vocabulary. so i wondered whether the DOAP community has any ideas/plans
> > to extend it's release information to include checksums etc, or (if not)
> > anyone else had any local conventions for this information.
> >
> > - robert
> >
> > _______________________________________________
> > doap-interest mailing list
> > doap-interest at lists.gnomehack.com
> > http://lists.usefulinc.com/mailman/listinfo/doap-interest
> >
> _______________________________________________
> doap-interest mailing list
> doap-interest at lists.gnomehack.com
> http://lists.usefulinc.com/mailman/listinfo/doap-interest
>
More information about the doap-interest
mailing list