[pacman-dev] MD5/SHA* why?

Mateusz Jedrasik m.jedrasik at gmail.com
Tue Jul 3 15:44:50 EDT 2007


Tuesday 03 of July 2007 21:40:17 Andrew Fyfe napisał(a):
> I asked this question a while ago about makepkg now I'm asking about
> pacman... why do we need support for multiple checksum types? What's
> wrong with md5?
>
> Andrew
>
> _______________________________________________
> pacman-dev mailing list
> pacman-dev at archlinux.org
> http://archlinux.org/mailman/listinfo/pacman-dev

It's broken ;) Not that valid maybe and important when it comes to package 
corruption checks, but certainly it has been already proven crackable.

And also, it wouldn't hurt I guess to use both. Most modern CPU's are good for 
it. And, when all else fails, there's the ground statement - everyone else's 
doing it! ;-)

And by everyone else I mean ports/pkgsrc as they are the only other package 
management systems I use.

Cheers,

//m.
-- 
Mateusz Jędrasik <m.jedrasik at gmail.com>
tel. +48(79)022-9393, +48(51)69-444-90
http://imachine.szklo.eu.org




More information about the pacman-dev mailing list