[arch-general] Stronger Hashes for PKGBUILDs

Gregory Mullen greg at grayhatter.com
Wed Dec 7 10:17:55 UTC 2016


If the argument left is, I don't want (better checksum) because it's
shouldn't be thought of as a security check, and I want a security check.

Why can't the requirement be PGP sig's are now required, and we drop the
checksum completely?

On Wed, Dec 7, 2016 at 2:14 AM, Bennett Piater <bennett at piater.name> wrote:

> > In fact, I am making CRC the default.
>
> I assume this to be sarcasm.
> In any case, this may not be a good idea because the younglings will
> have never heard about it and don't know how insecure it is ;)
>
> Cheers,
> Bennett
>
> --
> GPG fingerprint: 871F 1047 7DB3 DDED 5FC4 47B2 26C7 E577 EF96 7808
>
>


More information about the arch-general mailing list