[arch-general] Stronger Hashes for PKGBUILDs

Eli Schwartz eschwartz at archlinux.org
Mon May 14 00:25:17 UTC 2018

On 05/13/2018 08:11 PM, Leonid Isaev via arch-general wrote:
> On Sun, May 13, 2018 at 08:19:19PM +0200, Neven Sajko via arch-general wrote:
>> On 13 May 2018 at 20:11, Neven Sajko <nsajko at gmail.com> wrote:
>>> I do agree that using md5 is absurd, ...
>> To clarify, md5 *is* unsecure and is even slower or not significantly
>> faster than hashes from the Keccak and BLAKE2 families; using
>> signatures would be a plus but signatures are not an argument for md5.
> It is trivial to enable blake2 support in makepkg using b2sum(1) from the
> coreutils package. Currently, I only saw gentoo using it but I didn't do
> proper research on this...

Maybe you could ask the coreutils developers whatever happened to
implementing Keccak checksumming tools.

Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20180513/36701987/attachment.asc>

More information about the arch-general mailing list