[Yum-devel] [PATCH] Add verison groups, for the version command.
Seth Vidal
skvidal at fedoraproject.org
Fri Sep 25 18:32:56 UTC 2009
On Thu, 24 Sep 2009, James Antill wrote:
> # yum version
> Loaded plugins: aliases, noop, presto, security
> Installed: 11/x86_64 1389:4e20e3f746e930be138bc78810e686c69c899a1d
> Group-Installed: james-RHEL 5:27475cdd7a7a35e01c52f7ae204344b7ce50eeb6
> Group-Installed: yum 18:40d9dd4828d8627e0cfd6ce8d48a03fac5e3a4a8
> version
>
> Now for the same file we get:
>
> md5 47725e181cfeb8dde303d0782be0f5d5
> sha1 1f9cc1ba30446e040f386771ec9a224c4f5b454a
> sha256 c8d58b53261b284ad69aef6b64fd8d95c24b30bba4ae3a66ce846495683db044
>
> ...so I figured it was worth moving from md5 to sha1, but the move to
> sha256 wasn't worth it. Also it seems like any decent attacker would
> keep the nevra's the same (and thus. not alter the checksum anyway).
<shrug> - just thought I'd keep us from getting one of those silly
"SECURITY: YUM USES INSECURE CHECKSUM!" crap emails.
-sv
More information about the Yum-devel
mailing list