2014-12-16 6:05 GMT-03:00 Florian Bruhin <me@the-compiler.org>:
On Monday, December 15, 2014 16:54:04 Marcel Korpel wrote:
Third, don't use md5sums to check file integrity; to avoid collisions, it is recommended that you use sha256sums. You can set this in /etc/makepkg.conf (and then you can use updpkgsums to generate
* Robert Mackanics <schnoopay@gmx.com> [2014-12-16 03:42:51 -0500]: them).
Should we have the makepkg.conf in the pacman package changed to sha256?
Seems
like a good idea that shouldn't bite anybody.
I submitted a patch and it was declined:
https://lists.archlinux.org/pipermail/pacman-dev/2014-June/019081.html https://lists.archlinux.org/pipermail/pacman-dev/2014-June/019083.html https://lists.archlinux.org/pipermail/pacman-dev/2014-June/019084.html
Florian
-- http://www.the-compiler.org | me@the-compiler.org (Mail/XMPP) GPG: 916E B0C8 FD55 A072 | http://the-compiler.org/pubkey.asc I love long mails! | http://email.is-not-s.ms/
As far I underestand it was because "md5 is the most used", so I now add a commented line in my makepkgs that explain that "I use md5 cause pacman -g give that". I thing maybe if a big number of user submit the patch ask in forums and/or add the bug (carelessly if is regected) that could bring the questioning if is a good idea use md5 -- *Pablo Lezaeta*