[Slackbuilds-users] md5sums [was: Flowblade]

B Watson yalhcru at gmail.com
Tue May 2 16:28:46 UTC 2017


On 5/2/17, General <gen-bch at useyouresp.org.uk> wrote:
>
> Which leads me to another [general] question:  when getting a source of
> Github (of which I am not too familiar) , what happens in terms of process
> that leads to the md5sum's on the slackbuilds.org..... I could not see any
> published [by the developers] any checksums etc ?

Whoever writes the SlackBuild downloads the file and calculates its
md5sum. In other words, they come from the SBo maintainer, not from the
upstream devs.

As a user, the md5sum matching means you're using the same source as the
SBo maintainer wrote his script for... but there's no 'chain of trust'
beyond that.

(About now, someone will chime in with 'But md5 is weak and has been
exploited!', I'll leave that discussion for later...)


More information about the SlackBuilds-users mailing list