Project

General

Profile

Feature #1484

APKBUILD: deprecate md5sums

Added by luke simon over 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Aports
Target version:
Start date:
11/28/2012
Due date:
% Done:

100%

Estimated time:

Description

Alpine being a security focused OS md5 really should be deprecated wherever it is used to provide authenticity or other security relevant properties. The hash sums in APKBUILD do just that for everyone compiling from source.

I suggest not just replacing md5 with something stronger but to use several different hash functions (like Gentoo's Manifest files do for example).

Debian and others already went through this change "a while back". If you apprehend any hurdles to a smooth upgrade I'm sure they could help you out. http://wiki.debian.org/MD5inDebian

Associated revisions

Revision 630ec726 (diff)
Added by Natanael Copa over 6 years ago

abuild: use sha256 and sha512 sums instead of md5

ref #1484

History

#1 Updated by Natanael Copa about 6 years ago

  • Tracker changed from Bug to Feature
  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Natanael Copa about 6 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF