APKBUILD: deprecate md5sums
Alpine being a security focused OS md5 really should be deprecated wherever it is used to provide authenticity or other security relevant properties. The hash sums in APKBUILD do just that for everyone compiling from source.
I suggest not just replacing md5 with something stronger but to use several different hash functions (like Gentoo’s Manifest files do for example).
Debian and others already went through this change “a while back”. If you apprehend any hurdles to a smooth upgrade I’m sure they could help you out. http://wiki.debian.org/MD5inDebian
(from redmine: issue id 1484, created on 2012-11-28, closed on 2013-04-25)
- Changesets:
- Revision 630ec726 by Natanael Copa on 2012-11-29T11:39:33Z:
abuild: use sha256 and sha512 sums instead of md5
ref #1484