On Wed, Oct 11, 2006 at 07:21:40PM +0300, Roman Kyrylych <roman.kyrylych@gmail.com> wrote:
Then why Frugalware guys use it instead of md5 now? What advantages it gives them? I'm just curious.
with md5sum, it's almost trivial to make collosions. mirrors can change packages without having the md5sum changed. with sha1, this is much more difficult and of course we know that sha1 is not a cryptographical algorithm, either. i plan to came up with an "optional support for gpg signatures" patch, just it's far from complete at the moment
Regardless, you're getting ahead here... neither of these issues has been discussed at all. We need to take this one step at a time. Applying 30 changes then saying "poof, use this" is never a good idea.
agree. that's one of the main reasons we don't want to fork pacman. when Judd/Aaron/Aurelien merges our patches they are reviewed carefully and you know, the more people review the code, the more bug we find. also they have genious ideas sometimes :) udv / greetings, VMiklos -- Developer of Frugalware Linux, to make things frugal - http://frugalware.org