[pacman-dev] [PATCH 1/3] Revise siglevel_t, adding PACKAGE_HASH_OK field
Kerrick Staley
mail at kerrickstaley.com
Mon Jul 18 04:52:50 EDT 2011
This will just require a SHA256 in addition to an MD5 (if one is even
present), that's all (for some reason I thought it was more complicated than
that, but you're right). MD5s haven't exactly been broken for our purposes
(there are no working preimage attacks against MD5 yet), but there is little
reason to expect that it will stay this way for much longer. So yeah,
scratch the flag and the corresponding config option, but we should also
make SHA256 a requirement at some point.
-Kerrick Staley
On Jul 18, 2011 2:31 AM, "Allan McRae" <allan at archlinux.org> wrote:
More information about the pacman-dev
mailing list