[pacman-dev] [PATCH 1/3] Revise siglevel_t, adding PACKAGE_HASH_OK field
Allan McRae
allan at archlinux.org
Mon Jul 18 03:34:26 EDT 2011
On 18/07/11 16:59, Kerrick Staley wrote:
> And...
> I didn't actually hit save, so this is missing the ALPM_SIG_ERROR
> part. Here's the fixed version.
>
> Revise siglevel_t, adding PACKAGE_HASH_OK field
>
> The ALPM_SIG_PACKAGE_HASH_OK field indicates that secure hashes are to
> be acceptable as signatures.
I do not understand how this is a useful option. There is always a hash
in the repo database assuming it is created using repo-add (md5sum gets
used as a download check, and sha256sums are there but do nothing). So
this is the same as setting signature checking as "Optional" or "None".
Also, is md5sum a secure hash?
Allan