[pacman-dev] [PATCH 1/3] Revise siglevel_t, adding PACKAGE_HASH_OK field

Dan McGee dpmcgee at gmail.com
Mon Jul 18 20:05:49 EDT 2011


On Mon, Jul 18, 2011 at 3:52 AM, Kerrick Staley <mail at kerrickstaley.com> wrote:
> This will just require a SHA256 in addition to an MD5 (if one is even
> present), that's all (for some reason I thought it was more complicated than
> that, but you're right). MD5s haven't exactly been broken for our purposes
> (there are no working preimage attacks against MD5 yet), but there is little
> reason to expect that it will stay this way for much longer. So yeah,
> scratch the flag and the corresponding config option, but we should also
> make SHA256 a requirement at some point.

What do you mean by "requirement"? All the tools we ship will provide
it, but since we aren't even verifying it yet in pacman code, that
will need to be added first.

-Dan

