[LEDE-DEV] SHA256 hashes for packages

Heinrich Schuchardt xypron.glpk at gmx.de
Thu Jan 5 14:28:21 PST 2017


Hello Hannu,

why should a variable be called MD5 if it holds an SHA256 hash? That
does not make any sense.

Could you, please, point me to the thread on the openwrt or lede list
that discussed this weird idea.

Abusing the MD5 variable with SHA256 hashes will break compatibility
with older openwrt releases.

If you want an SHA256 hash, please, use an SHA256 variable.

This was already pointed out in
https://bugs.lede-project.org/index.php?do=details&task_id=326&order=id&sort=asc&order2=summary&sort2=desc

Anyway it is safer to use multiple hashes.

Best regards

Heinrich Schuchardt


On 01/05/2017 11:05 PM, Hannu Nyman wrote:
> Could you please update the PR a bit and replace the MD5 hash with a
> SHA256 hash.
> 
> (Leave the variable name as it is now, but replace the hash itself with
> the longer SHA256 hash.)
> 
> Same goes for other packages that you maintaining. MD5 is being phased
> out, so please use SHA256 when issuing updates as PRs.
> 




More information about the Lede-dev mailing list