Arch Linux

Since the year 1996 multiple fatal flaws in the MD5 message-digest algorithm have been discovered, as such it is commonly known among cryptographers that it is unsuitable for applications such as digital signatures.

Unfortunately, the default option in /etc/makepkg.conf on line 86 defines MD5 as the default integrity check algorithm.

The integrity check algorithm is not just for verifying if a source file has been corrupted in transfer when running makepkg on a PKGBUILD, it is also used as an additional layer of security. Many upstream developers do not use HTTPS or sign their source code with PGP, and when a user is building a package from such a developer they are vulnerable to a man in the middle attack when MD5 is used.

Concerns have been raised that using a proper SHA-2 based algorithm such as SHA-512 or SHA-256 would present a performance issue on low power computers. However, the speed difference between SHA-2 algorithms and MD5 is extremely negligible even when hashing files orders of magnitudes larger than what common source files are. These integrity checks are also only used when building packages, not when installing them.

There are two steps to addressing this issue. First, line 86 in /etc/makepkg.conf in the pacman package should be changed to the following line.
INTEGRITY_CHECK=(sha512)
Second, all PKGBUILD scripts should be updated to include SHA-512 hashes and remove the MD5 and or SHA-1 hashes. This includes those in the official repositories and especially the Arch User Repository. In order to enforce this policy on the Arch User Repository, any PKGBUILD scripts uploaded without SHA-512 hashes should be rejected from this point onward.