* Pablo Lezaeta Reyes <[email protected]> [2014-12-16 13:50:58 -0300]: > 2014-12-16 6:05 GMT-03:00 Florian Bruhin <[email protected]>: > > > > * Robert Mackanics <[email protected]> [2014-12-16 03:42:51 -0500]: > > > On Monday, December 15, 2014 16:54:04 Marcel Korpel wrote: > > > > Third, don't use md5sums to check file integrity; to avoid collisions, > > > > it is recommended that you use sha256sums. You can set this > > > > in /etc/makepkg.conf (and then you can use updpkgsums to generate > > them). > > > > > > Should we have the makepkg.conf in the pacman package changed to sha256? > > Seems > > > like a good idea that shouldn't bite anybody. > > > > I submitted a patch and it was declined: > > > > https://lists.archlinux.org/pipermail/pacman-dev/2014-June/019081.html > > https://lists.archlinux.org/pipermail/pacman-dev/2014-June/019083.html > > https://lists.archlinux.org/pipermail/pacman-dev/2014-June/019084.html > > > > Florian > > > > -- > > http://www.the-compiler.org | [email protected] (Mail/XMPP) > > GPG: 916E B0C8 FD55 A072 | http://the-compiler.org/pubkey.asc > > I love long mails! | http://email.is-not-s.ms/ > > > > As far I underestand it was because "md5 is the most used", so I now add a > commented line in my makepkgs that explain that "I use md5 cause pacman -g > give that".
Just set INTEGRITY_CHECK=(sha256) in your /etc/makepkg.conf and makepkg -g (not pacman -g, by the way) will give you that. I still think that should be the default, but whatever. > I thing maybe if a big number of user submit the patch ask in forums and/or > add the bug (carelessly if is regected) that could bring the questioning if > is a good idea use md5 Doesn't sound like a constructive way to approach this in my opinion. Florian -- http://www.the-compiler.org | [email protected] (Mail/XMPP) GPG: 916E B0C8 FD55 A072 | http://the-compiler.org/pubkey.asc I love long mails! | http://email.is-not-s.ms/
pgpuNcnlqlQQj.pgp
Description: PGP signature
