[Slackbuilds-users] MD5 hash sums
Konrad J Hambrick
kjhambrick at gmail.com
Fri Aug 24 11:36:11 UTC 2018
IMO ( and ITO of other SBo Customers ), The MD5SUM= field in the .info file
is to verify that the DOWNLOAD= files that you downloaded the same files
that the Maintainer downloaded.
Nothing more than that.
It is not for security -- the SBo Maintainer cannot guarantee that the
source files are secure -- that is the Upstream Developer's duty.
IOW, What Habs said.
On Fri, Aug 24, 2018 at 6:03 AM, <thyr at airmail.cc> wrote:
> However, you absolutely cannot assume that because the MD5 sum matches
>> that the file is in any way "safe" or was not tampered with /before/ the
>> maintainer got to it.
> Can I assume that because MD5 sum matches that the file was not tampered
> after the maintainer got it? I believe this was the original scope of the
> thread in the first place.
> Quoting https://en.wikipedia.org/wiki/MD5#Preimage_vulnerability
> In April 2009, a preimage attack against MD5 was published that breaks
>> MD5's preimage resistance. This attack is only theoretical, ...
> It was theoretical in 2009. The question is whether or not it was made
> practical in the past nine years? There are two possible outcomes. One: it
> was made practical and is not yet published. Two: it is still theoretical.
> Do you really want to wait until it becomes practical *and* published?
> SlackBuilds-users mailing list
> SlackBuilds-users at slackbuilds.org
> Archives - https://lists.slackbuilds.org/pipermail/slackbuilds-users/
> FAQ - https://slackbuilds.org/faq/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the SlackBuilds-users