[pacman-dev] $ARCH suffix on packages
VMiklos
vmiklos at frugalware.org
Wed Oct 11 16:40:29 EDT 2006
On Wed, Oct 11, 2006 at 07:21:40PM +0300, Roman Kyrylych <roman.kyrylych at gmail.com> wrote:
> Then why Frugalware guys use it instead of md5 now? What advantages it
> gives them? I'm just curious.
with md5sum, it's almost trivial to make collosions. mirrors can change
packages without having the md5sum changed. with sha1, this is much more
difficult
and of course we know that sha1 is not a cryptographical algorithm,
either. i plan to came up with an "optional support for gpg signatures"
patch, just it's far from complete at the moment
> > Regardless, you're getting ahead here... neither of these issues has
> > been discussed at all. We need to take this one step at a time.
> > Applying 30 changes then saying "poof, use this" is never a good idea.
agree. that's one of the main reasons we don't want to fork pacman. when
Judd/Aaron/Aurelien merges our patches they are reviewed carefully and
you know, the more people review the code, the more bug we find. also
they have genious ideas sometimes :)
udv / greetings,
VMiklos
--
Developer of Frugalware Linux, to make things frugal - http://frugalware.org
More information about the pacman-dev
mailing list