[arch-general] Stronger Hashes for PKGBUILDs
sivmu
sivmu at web.de
Sat Dec 3 19:41:17 UTC 2016
Am 03.12.2016 um 20:07 schrieb Maxwell Anselm via arch-general:
>>
>> I agree that we should use a strong hash by default where it makes
>> sense. But in the absense ob effective validation of upstream packages,
>> this is meaningless.
>>
>
> It would at least indicate that the source file has been tampered with in
> some way. Even though there would be no way to know the "correct" checksum.
>
You mean the source files that you downloaded and then hashed...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20161203/dfd33c2d/attachment.asc>
More information about the arch-general
mailing list