[dev] PEAR GPG signing (patches)
Michael M Slusarz
slusarz at horde.org
Tue Nov 5 22:08:08 UTC 2013
Quoting Michael M Slusarz <slusarz at horde.org>:
> Quoting Mathieu Parent <math.parent at gmail.com>:
>
>> Can we really rely on md5sums to check files? (response is probably no
>> [1]). A solution would be to add sha1sum to package.xml.
>
> Yes - I thought the same thing when working with PEAR and my next
> patch was to add sha1 support. But all existing package.xml files
> contain md5sums, so this is something that is as critical.
https://github.com/pear/pear-core/pull/21
michael
___________________________________
Michael Slusarz [slusarz at horde.org]
More information about the dev
mailing list