>
> I agree that we should use a strong hash by default where it makes
> sense. But in the absence of effective validation of upstream packages,
> this is meaningless.
>

It would at least indicate that the source file has been tampered with in
some way. Even though there would be no way to know the "correct" checksum.
