On 17/01/14 08:41, Jason St. John wrote: > MD5 has been significantly compromised for years; switching to a more > secure hash function, such as SHA-1, is long overdue. > > Signed-off-by: Jason St. John <[email protected]>
No. It is up to the packager to fill out the checksums with what is provided upstream. Because if upstream do not provide the checksums, they are pointless. Even better if upstream provides signatures. Allan
