[lfs-dev] md5 checksum

Bruce Dubbs bruce.dubbs at gmail.com
Mon Dec 18 09:03:25 PST 2017


Zura Kutchava wrote:
> Hi Bruce,
>
> Few days ago I suggested idea about start going from md5 checksum for
> more trustable, for example sha256, or gpg signing.
>
> Is some mistake in this idea? or not needing, or early? or some other
> reason?
>
> I provided script in which I updated md5 checking method from 66 lfs
> packages for 51 and it works for all.
>


Please don't top post when sending to the mailing list.

The md5sum is fine for our purpose.  It is only used to ensure a package 
download is complete.  It is not intended as a protection against a 
malicious change.

   -- Bruce



More information about the lfs-dev mailing list