[arch-general] Stronger Hashes for PKGBUILDs
leonid.isaev at jila.colorado.edu
Wed May 9 23:25:57 UTC 2018
On Wed, May 09, 2018 at 09:30:51PM +0200, Neven Sajko wrote:
> I would just like to note that SHA-2 hashes are inferior to Keccak and
> to BLAKE2. So better not to spend effort migrating to SHA-2.
Strength of various SHA hashes is a different topic. My only point was that
relying on md5 these days is like having no hashes at all or using the source
filename as a hash...
And there should be no migration -- when a new version of a package is released
or a rebuild happens, just update the *sums array.
More information about the arch-general