3 Dec 2016, 8:07 p.m.
I agree that we should use a strong hash by default where it makes sense. But in the absence of effective validation of upstream packages, this is meaningless.
It would at least indicate that the source file has been tampered with in some way. Even though there would be no way to know the "correct" checksum.