Mailinglist Archive: opensuse-buildservice (140 mails)

< Previous Next >
Re: [opensuse-buildservice] adding checksums to the buildinfo
On Tue, Jul 17, 2012 at 5:38 PM, Pascal Bleser
<pascal.bleser@xxxxxxxxxxxx> wrote:
(don't use MD5, it's insecure and can relatively easily be
hacked with collisions, use SHA instead ;))

While this is basically true MD5 is used in OBS all over the place and
thus for consistency and code reuse reasons it might still make sense
to go with that. It should also be noted that the intent of the MD5
sum in Marcus' proposal is not to add a layer of security for
malicious attacks (that you better prevent by verifying RPM signatures
and SSL certificates for the connection (when using https)) but to use
it as a simple checksum mechanism to detect technical transmission
issues.

Robert
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >