16 Jan
2014
16 Jan
'14
10:50 p.m.
On 17/01/14 08:41, Jason St. John wrote:
MD5 has been significantly compromised for years; switching to a more secure hash function, such as SHA-1, is long overdue.
Signed-off-by: Jason St. John <jstjohn@purdue.edu>
No. It is up to the packager to fill out the checksums with what is provided upstream. Because if upstream do not provide the checksums, they are pointless. Even better if upstream provides signatures. Allan