On 18/07/11 16:59, Kerrick Staley wrote:
And...
I didn't actually hit save, so this is missing the ALPM_SIG_ERROR
part. Here's the fixed version.
Revise siglevel_t, adding PACKAGE_HASH_OK field
The ALPM_SIG_PACKAGE_HASH_OK field indicates that secure hashes are to
be acceptable as signatures.
I do not understand how is this a useful option. There is always a hash
in the repo database assuming it is created using repo-add (md5sum gets
used as a download check, and sha256sums are there but do nothing). So
this is the same as setting signature checking as "Optional" or "None".
Also, is md5sum is a secure hash?
Allan
