Zura Kutchava wrote:
Hi Bruce,
Few days ago I suggested idea about start going from md5 checksum for
more trustable, for example sha256, or gpg signing.
Is some mistake in this idea? or not needing, or early? or some other
reason?
I provided script in which I updated md5 checking method from 66 lfs
packages for 51 and it works for all.
Please don't top post when sending to the mailing list.
The md5sum is fine for our purpose. It is only used to ensure a package
download is complete. It is not intended as a protection against a
malicious change.
-- Bruce
--
http://lists.linuxfromscratch.org/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
