18 Jul
2011
18 Jul
'11
7:34 a.m.
On 18/07/11 16:59, Kerrick Staley wrote:
And... I didn't actually hit save, so this is missing the ALPM_SIG_ERROR part. Here's the fixed version.
Revise siglevel_t, adding PACKAGE_HASH_OK field
The ALPM_SIG_PACKAGE_HASH_OK field indicates that secure hashes are to be acceptable as signatures.
I do not understand how is this a useful option. There is always a hash in the repo database assuming it is created using repo-add (md5sum gets used as a download check, and sha256sums are there but do nothing). So this is the same as setting signature checking as "Optional" or "None". Also, is md5sum is a secure hash? Allan