[pacman-dev] [PATCH] Replace MD5 with SHA-256 as a default file integrity check in PKGBUILDs

Giancarlo Razzolini grazzolini at archlinux.org
Thu Jan 23 13:32:43 UTC 2020


On January 22, 2020 23:30, Eli Schwartz wrote:
> So ultimately that is what this discussion will always devolve to:
> 
> - Do we want to ensure TOFU?

Yes.

> - Do we want to give PKGBUILDs the default black mark "uses md5sums
>   because maintainer doesn't care about researching sources"?
> 

No. Encouraging best packaging practices can and should be done right
from the start.

This discussion is pointless though. Let's continue to use md5sums until
it's completely broken, then we can switch to something else.

Regards,
Giancarlo Razzolini