[arch-general] [arch-dev-public] Can we trust our mirrors?
Thomas Bächler
thomas at archlinux.org
Sat Nov 29 09:37:18 EST 2008
Gerhard Brauer schrieb:
> For myself i don't accept the "md5sum is bad" argument as a "stopper"
> for each idea to provide a pacman secure concept ;-)
I wasn't going to stop you. Signed db files are an important first step.
My point is that it was often suggested to move from md5 to something
more secure. This suggestion was always rejected because we never used
md5 for security. If we are going to implement your suggestion (and I
vote that we do), we should really consider a better hash!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <http://archlinux.org/pipermail/arch-general/attachments/20081129/e5590668/attachment.pgp>
More information about the arch-general
mailing list