Open ehmry opened 9 months ago
@Araq What should be done about this?
Use a better checksum algorithm?
Alright, I'll work on that. I'm just scared that this might break stuff downstream. Hopefully, it won't. :P
The biggest problem is migrating pre-existing installed libraries. We'll have to go through everything in the packages directory, scan everything, compute new SHA-2 hashes, move these files to new directories with the updated hash. Or, alternatively, we can let SHA-1 exist as legacy stuff, and add a new pkgs3
directory with new packages that have SHA-2 hashes.
SHA1 is broken. Many things are broken in Nimble but this is easy to fix.