Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#50017 - use SHA-512 message digests for the ISO file releases

Attached to Project: Community Packages
Opened by . (flysprayer) - Monday, 11 July 2016, 12:43 GMT
Last edited by Allan McRae (Allan) - Monday, 11 July 2016, 12:59 GMT
Task Type Feature Request
Category Security
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

stop using MD5 and SHA-1 message digests
This task depends upon

Closed by  Allan McRae (Allan)
Monday, 11 July 2016, 12:59 GMT
Reason for closing:  Won't fix
Additional comments about closing:  Use PGP
Comment by Doug Newgard (Scimmia) - Monday, 11 July 2016, 12:52 GMT
Not sure what you're talking about here.
Comment by Christian Hesse (eworm) - Monday, 11 July 2016, 12:56 GMT
Possibly this is about the checksums for the official release media:
https://www.archlinux.org/download/

There's an easy solution... Use the PGP/GPG signature provided.
Comment by Allan McRae (Allan) - Monday, 11 July 2016, 12:58 GMT
The PGP signature supersedes and hash provided on a webpage. If someone can change our iso, they likely can adjust the hash on the webpage too. They can not make a valid PGP signature signed by a well cross-signed key.

Loading...