Re: [Slackbuilds-users] MD5 hash sums
However, you absolutely cannot assume that because the MD5 sum matches that the file is in any way "safe" or was not tampered with /before/ the maintainer got to it. Can I assume that because MD5 sum matches that the file was not tampered after the maintainer got it? I believe this was the original scope of the thread in the first place. Quoting https://en.wikipedia.org/wiki/MD5#Preimage_vulnerability In April 2009, a preimage attack against MD5 was published that breaks MD5's preimage resistance. This attack is only theoretical, ... It was theoretical in 2009. The question is whether or not it was made practical in the past nine years? There are two possible outcomes. One: it was made practical and is not yet published. Two: it is still theoretical. Do you really want to wait until it becomes practical *and* published? ___ SlackBuilds-users mailing list SlackBuilds-users@slackbuilds.org https://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users Archives - https://lists.slackbuilds.org/pipermail/slackbuilds-users/ FAQ - https://slackbuilds.org/faq/
Re: [Slackbuilds-users] MD5 hash sums
24 Αυγ 2018, 2:03 μμ, ο χρήστης «t...@airmail.cc» έγραψε: > Do you really want to wait until it becomes practical *and* published? There is no ending to security measures. You stop to take measures when they’re is no threat, not possibility of threat. 1. Crackers are not stupid to waste time to tamper source code to match the same md5sum, it’s way too much complicated. And it’s very easy to notice. It’s easier for them to write a virus for autorun usb flash’s for other kind of users, not for slackers. 2. If the original coder can’t understand the difference in code after the tampering (I suppose will be huge) whatever measure is useless. (Excuse my English) ___ SlackBuilds-users mailing list SlackBuilds-users@slackbuilds.org https://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users Archives - https://lists.slackbuilds.org/pipermail/slackbuilds-users/ FAQ - https://slackbuilds.org/faq/
Re: [Slackbuilds-users] MD5 hash sums
All -- IMO ( and ITO of other SBo Customers ), The MD5SUM= field in the .info file is to verify that the DOWNLOAD= files that you downloaded the same files that the Maintainer downloaded. Nothing more than that. It is not for security -- the SBo Maintainer cannot guarantee that the source files are secure -- that is the Upstream Developer's duty. IOW, What Habs said. -- kjh On Fri, Aug 24, 2018 at 6:03 AM, wrote: > However, you absolutely cannot assume that because the MD5 sum matches >> that the file is in any way "safe" or was not tampered with /before/ the >> maintainer got to it. >> > > Can I assume that because MD5 sum matches that the file was not tampered > after the maintainer got it? I believe this was the original scope of the > thread in the first place. > > Quoting https://en.wikipedia.org/wiki/MD5#Preimage_vulnerability > > In April 2009, a preimage attack against MD5 was published that breaks >> MD5's preimage resistance. This attack is only theoretical, ... >> > > It was theoretical in 2009. The question is whether or not it was made > practical in the past nine years? There are two possible outcomes. One: it > was made practical and is not yet published. Two: it is still theoretical. > Do you really want to wait until it becomes practical *and* published? > > ___ > SlackBuilds-users mailing list > SlackBuilds-users@slackbuilds.org > https://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users > Archives - https://lists.slackbuilds.org/pipermail/slackbuilds-users/ > FAQ - https://slackbuilds.org/faq/ > > ___ SlackBuilds-users mailing list SlackBuilds-users@slackbuilds.org https://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users Archives - https://lists.slackbuilds.org/pipermail/slackbuilds-users/ FAQ - https://slackbuilds.org/faq/
[Slackbuilds-users] Updates - 20180825.1
Hi all David has submitted qt5-legacy, qt5-webkit-legacy, and PyQt5-legacy (5.7.1) in a separate branch. We will use this branch for testing new qt5 LTS release (5.9.x) soon. Sat Aug 25 03:00:23 UTC 2018 academic/ITK: Support for Slackware current. academic/pari: Updated for version 2.11.0. business/maltego: Added (osint and forensics). business/stansoft: Updated for version 7.14. desktop/Zafiro-icons: Updated for version 0.4. desktop/jgmenu: Updated for version 1.2. desktop/qt5ct: Updated for version 0.36. desktop/simplenote: Updated for version 1.1.7. development/GitEye: Fix symlink. development/Sphinx: Updated for version 1.7.7. development/apitrace: Fixed download. development/beautysh: Updated for version 3.11. development/dte: Added (small and easy to use console text editor). development/envytools: Fixed download. development/jupyter-ipywidgets: Updated for version 7.4.0. development/jupyter-widgetsnbextension: Upgraded for version 3.4.0. development/libretro-samples: Fixed download. development/mutagen: Updated for version 1.41.1. development/radare2: Updated for version 2.8.0. development/sbcl: Updated for version 1.4.10. games/4do-libretro: Fixed download. games/Craft-libretro: Fixed download. games/Gearboy: Fixed download. games/Gearsystem: Fixed download. games/Genesis-Plus-GX: Fixed download. games/QuickNES-Core: Fixed download. games/RetroArch: Patched for upstream regression. games/beetle-bsnes-libretro: Fixed download. games/beetle-gba-libretro: Fixed download. games/beetle-lynx-libretro: Fixed download. games/beetle-ngp-libretro: Fixed download. games/beetle-pce-fast-libretro: Fixed download. games/beetle-pcfx-libretro: Fixed download. games/beetle-psx-libretro: Fixed download. games/beetle-saturn-libretro: Fixed download. games/beetle-supergrafx-libretro: Fixed download. games/beetle-vb-libretro: Fixed download. games/beetle-wswan-libretro: Fixed download. games/blastem-libretro: Fixed download. games/blueMSX-libretro: Fixed download. games/bnes-libretro: Fixed download. games/bsnes-libretro: Fixed download. games/bsnes-mercury: Fixed download. games/cannonball-libretro: Fixed download. games/exult: Fixed download. games/fbalpha: Fixed download. games/fmsx-libretro: Fixed download. games/fortune-ASR: Fixed typo. games/gambatte-libretro: Fixed download. games/gpsp-libretro: Fixed download. games/gw-libretro: Fixed download. games/higan-libretro: Fixed download. games/libretro-2048: Fixed download. games/libretro-desmume: Fixed download. games/libretro-fceumm: Fixed download. games/libretro-handy: Fixed download. games/libretro-lutro: Fixed download. games/libretro-prboom: Fixed download. games/libretro-reicast: Fixed download. games/libretro-vecx: Fixed download. games/libretro-yabause: Fixed download. games/mame2000-libretro: Fixed download. games/mame2010-libretro: Fixed download. games/mame2014-libretro: Fixed download. games/meteor-libretro: Fixed download. games/mupen64plus-libretro: Fixed download. games/nSide-libretro: Fixed download. games/nuvie: Fixed download. games/nxengine-libretro: Fixed download. games/parallel-n64: Fixed download. games/pcsx-rearmed: Fixed download. games/pcsx2: Fixed download. games/picodrive: Fixed download. games/planetblupi: Updated for version 1.13.0. games/prosystem-libretro: Fixed download. games/scid_vs_pc: Updated for version 4.19 + new maintainer. games/scummvm-libretro: Fixed download. games/snes9x2002: Fixed download. games/snes9x2005: Fixed download. games/snes9x2010: Fixed download. games/stella-libretro: Fixed download. games/tyrquake-libretro: Fixed download. games/vba-next: Fixed download. games/vbam-libretro: Fixed download. games/virtualjaguar-libretro: Fixed download. games/z26v3: Added (an Atari 2600 emulator). gis/gpxsee: Updated for version 5.17. gis/ossim: Updated for version 2.5.0. gis/pktools: Updated for version 2.6.7.4. ham/hamlib: Updated for version 3.3 libraries/SDL_kitchensink: Updated for version 1.0.4. libraries/appstream-glib: Updated for version 0.7.12. libraries/levmar: Fixed library symlinks. libraries/libvirt-python: Updated for version 4.5.0. libraries/libvirt: Updated for version 4.5.0. libraries/libwacom: Updated for version 0.31. libraries/msgpack-c: Updated for version 3.1.0. libraries/pgplot: Updated with small fix in profile.d scripts. misc/mosquitto: Updated for version 1.5.1 multimedia/obs-studio: Updated for version 22.0.1 multimedia/opera-developer-ffmpeg-codecs: Updated for version 0.32. multimedia/opera-ffmpeg-codecs: Updated for version 0.32.3. network/claws-mail: Updated for version 3.17.0. network/opera-developer: Updated for version 56.0.3051.0. network/opera: Updated for version 55.0.2994.44. network/palemoon-bin: Updated for version 28.0.0. network/palemoon: Updated for version 28.0.0. network/phpmyadmin: Updated for version 4.8.3. network/riot-web: Updated for version 0.16.1. network/riot-web: Updated for version 0.16.2. network/signal-desktop: Updated for version 1.15.5. network/slimjet: Updated
