3 Dec
2016
3 Dec
'16
7:41 p.m.
Am 03.12.2016 um 20:07 schrieb Maxwell Anselm via arch-general:
I agree that we should use a strong hash by default where it makes sense. But in the absense ob effective validation of upstream packages, this is meaningless.
It would at least indicate that the source file has been tampered with in some way. Even though there would be no way to know the "correct" checksum.
You mean the source files that you downloaded and then hashed...