-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Has this idea ever been bounced around?
yes, several times and latest one is on IRC > Switch from md5sum to sha256sum for *.info files? Obviously it > would be a pretty big undertaking, and maybe not really worth it > ... what are the thoughts of the great minds here? We only host scripts, not source or binary packages. It's upstream job's to make sure their packages are safe since they provide the source. We have our scripts signed with GPG and that's what we should use to make sure that the scripts comes from us. for small source, SHA256 is fine, but if you take large source files, it could take a while to generate and verify using SHA256. - -- Willy Sudiarto Raharjo -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlUxqqwACgkQiHuDdNczM4Fy5wCeP7iqjDcnU21e3h1xYfc+pFjs 140An15w8UV/KdRQjVNbPMKN2xOUjBR0 =wVIb -----END PGP SIGNATURE----- _______________________________________________ SlackBuilds-users mailing list [email protected] http://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users Archives - http://lists.slackbuilds.org/pipermail/slackbuilds-users/ FAQ - http://slackbuilds.org/faq/
