[lfs-dev] md5 checksum

Bruce Dubbs bruce.dubbs at gmail.com
Mon Dec 18 09:03:25 PST 2017

Zura Kutchava wrote:
> Hi Bruce,
> Few days ago I suggested idea about start going from md5 checksum for
> more trustable, for example sha256, or gpg signing.
> Is some mistake in this idea? or not needing, or early? or some other
> reason?
> I provided script in which I updated md5 checking method from 66 lfs
> packages for 51 and it works for all.

Please don't top post when sending to the mailing list.

The md5sum is fine for our purpose.  It is only used to ensure a package 
download is complete.  It is not intended as a protection against a 
malicious change.

   -- Bruce

More information about the lfs-dev mailing list