sha1sum problem
Bryan Quigley
bryan.quigley at canonical.com
Fri Feb 24 15:45:15 UTC 2017
I'm going to look at adding the SHA256SUM for all the files in
download.lst. It looks like we can add them without breaking
anything. Then we can test out how we want to switch or if we need to
support both for a bit (platform dependent?).
Thoughts?
Bryan
(Of course, technically my SHA256SUMs will be based on the existing
HTTP download and MD5SUM...)
On Fri, Feb 24, 2017 at 10:25 AM, Stephan Bergmann <sbergman at redhat.com> wrote:
> On 02/24/2017 03:47 PM, Norbert Thiebaud wrote:
>>
>> The situation with checksum of 'external' files is much worse that you
>> thought.
>> They are actually checked with md5.
>> That being said they are not truly external, since they are hosted on
>> the project infrastructure
>
>
> ...but downloaded via plain HTTP
>
>> and the original motivation was not so much malicious injection
>> detection but faulty transfer.
>> using sha1 there would actually be an 'improvement' :-)
>>
>> I guess we could convert that to shasum -a 256
>
>
> _______________________________________________
> LibreOffice mailing list
> LibreOffice at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/libreoffice
More information about the LibreOffice
mailing list