On 02/24/2017 03:47 PM, Norbert Thiebaud wrote:
The situation with checksum of 'external' files is much worse that you thought. They are actually checked with md5. That being said they are not truly external, since they are hosted on the project infrastructure
...but downloaded via plain HTTP
and the original motivation was not so much malicious injection detection but faulty transfer. using sha1 there would actually be an 'improvement' :-) I guess we could convert that to shasum -a 256
_______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice
