APKBUILD: deprecate md5sums
Alpine being a security focused OS md5 really should be deprecated wherever it is used to provide authenticity or other security relevant properties. The hash sums in APKBUILD do just that for everyone compiling from source.
I suggest not just replacing md5 with something stronger but to use several different hash functions (like Gentoo's Manifest files do for example).
Debian and others already went through this change "a while back". If you apprehend any hurdles to a smooth upgrade I'm sure they could help you out. http://wiki.debian.org/MD5inDebian
#1 Updated by Natanael Copa about 6 years ago
- Tracker changed from Bug to Feature
- Status changed from New to Resolved
- % Done changed from 0 to 100