[pacman-dev] [PATCH] Change the default makepkg checksum from MD5 to SHA-1

Allan McRae allan at archlinux.org
Thu Jan 16 17:50:35 EST 2014


On 17/01/14 08:41, Jason St. John wrote:
> MD5 has been significantly compromised for years; switching to a more
> secure hash function, such as SHA-1, is long overdue.
> 
> Signed-off-by: Jason St. John <jstjohn at purdue.edu>

No.  It is up to the packager to fill out the checksums with what is
provided upstream.  Because if upstream do not provide the checksums,
they are pointless.  Even better if upstream provides signatures.

Allan


