Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#51260 - Arch website should provide SHA256 and/or SHA512 for ISO files
Attached to Project:
Arch Linux
Opened by Deactivated account (TechnicalTotoro) - Thursday, 06 October 2016, 19:40 GMT
Last edited by Gerardo Exequiel Pozzi (djgera) - Thursday, 06 October 2016, 20:42 GMT
Opened by Deactivated account (TechnicalTotoro) - Thursday, 06 October 2016, 19:40 GMT
Last edited by Gerardo Exequiel Pozzi (djgera) - Thursday, 06 October 2016, 20:42 GMT
|
DetailsI have recently decided to start using Arch, but it concerns me that you only provide MD5 hashsums and SHA1 hashsums for ISO files, both of these are known to be susceptible to collisions so it would be better to provide the hashums from algorithms such as SHA256 or SHA512. So it would be good to either provide both or one of those in either addition to the current MD5 and SHA1 hashsums given, or in replacement to them.
|
This task depends upon
Closed by Gerardo Exequiel Pozzi (djgera)
Thursday, 06 October 2016, 20:42 GMT
Reason for closing: Won't implement
Additional comments about closing: MD5/SHA1 is used like a CRC, in other words is for error detection, nothing more.
PGP is used as digital signature
error detection != security purposes.
Thursday, 06 October 2016, 20:42 GMT
Reason for closing: Won't implement
Additional comments about closing: MD5/SHA1 is used like a CRC, in other words is for error detection, nothing more.
PGP is used as digital signature
error detection != security purposes.