Am 03.12.2016 um 20:07 schrieb Maxwell Anselm via arch-general:
>>
>> I agree that we should use a strong hash by default where it makes
>> sense. But in the absense ob effective validation of upstream packages,
>> this is meaningless.
>>
> 
> It would at least indicate that the source file has been tampered with in
> some way. Even though there would be no way to know the "correct" checksum.
> 

You mean the source files that you downloaded and then hashed...

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to