Re: Stronger Hashes for PKGBUILDs




On 07/12/16 19:58, Gregory Mullen wrote:
>> But we don't care about that... we just want to feel warm and fuzzy with
>> a false sense of security.
> 
> No one is suggesting sha*sum replace an actual security/authentication
> check. Only that maybe it's not a good idea to use a system we all know is
> broken.
> 

If everyone knows it is broken, upstream will not be providing md5sums
to compare against and then any PKGBUILD maintainer that has verified
the source files using upstream provided hashes will not use md5sum.

All we do by changing away from md5sum as the default is hiding the
large number of packages that do nothing to verify upstream source
integrity.

In fact, I am making CRC the default.

A


