Re: [arch-general] Stronger Hashes for PKGBUILDs

[Maxwell Anselm via arch-general]

>
> You mean the source files that you downloaded and then hashed...
>

Yes. If the source files are being modified via a MITM attack (which is
trivial if the host uses HTTP) the checksum is still useful.