[Slackbuilds-users] sha256sum instead of md5sum?
Willy Sudiarto Raharjo
willysr at slackbuilds.org
Sat Apr 18 00:51:56 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Has this idea ever been bounced around?
yes, several times and latest one is on IRC
> Switch from md5sum to sha256sum for *.info files? Obviously it
> would be a pretty big undertaking, and maybe not really worth it
> ... what are the thoughts of the great minds here?
We only host scripts, not source or binary packages. It's upstream
job's to make sure their packages are safe since they provide the source.
We have our scripts signed with GPG and that's what we should use to
make sure that the scripts comes from us.
for small source, SHA256 is fine, but if you take large source files,
it could take a while to generate and verify using SHA256.
- --
Willy Sudiarto Raharjo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEARECAAYFAlUxqqwACgkQiHuDdNczM4Fy5wCeP7iqjDcnU21e3h1xYfc+pFjs
140An15w8UV/KdRQjVNbPMKN2xOUjBR0
=wVIb
-----END PGP SIGNATURE-----
More information about the SlackBuilds-users
mailing list