cargame.nl, exactly, that is why that must change, also since lfs is a windows application it would be good to also start using authenticode https://msdn.microsoft.com/en-us/library/ms537359(v=vs.85).aspx

rowdog, no, i do not do anything 'cargo cult', this is for security also, not only about probable corruption

Gutholz, we have seat-belts, we must use them

cargame.nl, even so, victor is one of the team members, scawen can tell him to change it

racon, i do not understand you, are you against better security?

gutholz, people download from mirrors also, mitm attacks are possible, and most people do not verify the file by comparing the hashes, it will help those that do verify the files

racon, the fact that md5 was used, proves that they are not aware of the security issues

the more certain we can be, the better

it is about best security practices

think of it like wearing a seatbelt, it does not mean that you will die in a car crash if you do not wear it, but if there is a serious collision, you would be glad that you were wearing it

it is a very bad idea to continue to use md5 and/or sha1

the goal is to stop using weak and/or broken cryptography algorithms

https://en.wikipedia.org/wiki/Cryptographic_hash_function

it is not a checksum, it is a message digest

it is still md5 in the download page