[pacman-dev] [PATCH] Remove support for SHA1 from pacman.

Dan McGee dpmcgee at gmail.com
Wed Aug 15 22:55:20 EDT 2007

On 7/25/07, Andrew Fyfe <andrew at neptune-one.net> wrote:
> There's no need for a second hashing algorithm. MD5 serves the purpose
> of verifying that a package file hasn't been corrupted during download.
> Signed-off-by: Andrew Fyfe <andrew at neptune-one.net>

So I've been thinking this one over for a while. On one hand, I agree
with the thought. For sure, I think we don't need more than one
hashing algorithm. The only real question is whether we should switch
to sha1 or not. If no, then this sequence of two patches should be

What I really want to hear are thoughts on this issue. We are using
md5sums for two main reasons- verification of package downloads, and
determining whether a backup file has changed. With this in mind, I
think md5 is sufficient to serve our needs.

Please chime in on this.


More information about the pacman-dev mailing list