[Slackbuilds-users] sha256sum instead of md5sum?

Erik Hanson erik at slackbuilds.org
Sat Apr 18 00:44:26 UTC 2015


On Fri, 17 Apr 2015 16:28:28 -0700
"Ryan P.C. McQuen" <ryan.q at linux.com> wrote:

> Hello fellow Slackers,
> 
> Has this idea ever been bounced around?
> 
> Switch from md5sum to sha256sum for *.info files? Obviously it would
> be a pretty big undertaking, and maybe not really worth it ... what
> are the thoughts of the great minds here?

This comes up from time to time. We are all well aware that MD5 collisions
are easily generated, however, we're not providing MD5 sums as any kind of
warranty. Our use case is simply to say "this is the version of this file
we used to approve the script" - it's a convenience, it is not used for
security. Even if it were, we have no control over upstream sources anyway.
If we hosted sources, which we're not going to do, then we would have used
something stronger.

That said, I'm not against using something else. It's probably not worth
the effort, though, when the end result will be the same. There might also
be something to be said for potentially unmaintained 3rd party tools.


-- 
Erik Hanson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20150417/be779843/attachment.asc>


More information about the SlackBuilds-users mailing list