tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Add SHA512 digests to package metadata

On Mon, Oct 19, 2015 at 12:14:09PM -0700, Alistair Crooks wrote:
> As I said, I'd like for us to stop relying on MD5 sums as a priority.

I don't see why we have to change something here immediately and can't
do it properly in one step. The MD5 sums are a poor man's IDS at best,
if someone can change the files on disk or in the package, you have
already far bigger problems. The only point to "we must change now" is a
checkbox on a bad auditor's list.


Home | Main Index | Thread Index | Old Index