Summary: | more hashes on installed binaries | ||
---|---|---|---|
Product: | Portage Development | Reporter: | James <James> |
Component: | Enhancement/Feature Requests | Assignee: | Portage team <dev-portage> |
Status: | RESOLVED LATER | ||
Severity: | enhancement | CC: | preed |
Priority: | Lowest | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=605082 https://bugs.gentoo.org/show_bug.cgi?id=836954 https://bugs.gentoo.org/show_bug.cgi?id=654122 https://bugs.gentoo.org/show_bug.cgi?id=523706 https://bugs.gentoo.org/show_bug.cgi?id=230818 |
||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 193766 |
Description
James
2006-05-28 12:25:28 UTC
Portage stored MD5 hashes, I don't see any benefit from using SHA256 for this, TBH... Where are the md5 hashes? It is my understanding that md5 hashes are insecure. SHA256 is considerably better. Needs a new vdb format => not anytime soon. (In reply to comment #2) > Where are the md5 hashes? See CONTENTS files in /var/db/pkg/<category>/<ebuild>. You can use 'equery check <pkgspec> from gentoolkit to verify the MD5 checksums for ebuilds. i thought portage already supported SHA1 in CONTENTS ? or am i just imagining ? (In reply to comment #5) > i thought portage already supported SHA1 in CONTENTS ? or am i just imagining > ? The second. The CONTENTS format is nothing you can change that easily. |