21 Mar
2016
21 Mar
'16
7:31 a.m.
On 21.03.2016 04:27, James Mills wrote:
Whilst changing to sha256sums is probably trivial; it probably doesn't really buy much in terms of "security" (since we're not using md5 for security purposes).
To fill the missing link to providing integrity and confidentiality, we should start cryptographically signing ports on the maintainer's side and check these signatures before building/downloading anything. regards, Thomas