Am 03.12.2016 um 20:07 schrieb Maxwell Anselm via arch-general: >> >> I agree that we should use a strong hash by default where it makes >> sense. But in the absense ob effective validation of upstream packages, >> this is meaningless. >> > > It would at least indicate that the source file has been tampered with in > some way. Even though there would be no way to know the "correct" checksum. > You mean the source files that you downloaded and then hashed...
Attachment:
signature.asc
Description: OpenPGP digital signature
