[Slackbuilds-users] MD5 hash sums

thyr at airmail.cc thyr at airmail.cc
Tue Aug 21 11:32:32 UTC 2018


I have a question about DOWNLOAD and MD5SUM variables in the 
<package>.info files.

As this page https://www.gnupg.org/faq/weak-digest-algos.html states:

> It is better to entirely avoid the MD5 algorithm and don't put any 
> value in signatures based on MD5.

Would that be a valid concern for the .info files?

A lot of DOWNLOAD links are plain http ones and thus are suspectible to 
MITM tinkering on the ISP side...

More information about the SlackBuilds-users mailing list