3 Jul
2007
9:46 p.m.
Oh no, when reading the archives, I forgot to bookmark several important mails; it took me a while to find this one again:
http://www.archlinux.org/pipermail/pacman-dev/2006-October/006029.html

So that's Judd's opinion on that matter:

"I never pretended that md5 was for anything security-related. If we were trying for security, we would've gone straight to signed packages. The md5sum was added to make sure downloaded files weren't corrupt. I don't see the point of SHA1 if we're still using it/them for download validation. If we want security, then we might as well do it right."

As for my opinion on this, it's exactly the same as Andrew's: it complicates the code for 0 benefit...