The widespread use of MD5 in AUR is because that is the default in makepkg, making it both AUR's and makepkg's "problem".
> It doesn't matter what algorithm you use
Of course it matters; they have different guarantees. A secure hash would at least guarantee that the file you get is the same one the packager got; MD5 doesn't. They are refusing to use strictly better alternatives out of pure stubbornness.
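Added example (not part of the original comment, and not makepkg or AUR code): a small Python check that reads a PKGBUILD's checksum arrays and reports, for each source entry, whether it is pinned by a collision-resistant hash, only by MD5/SHA-1/CRC, or not at all. The regex parsing is a simplification of bash syntax, and the sample PKGBUILD with its placeholder digests is constructed.

```python
import re

# Integrity array names makepkg reads from a PKGBUILD, grouped by collision resistance.
WEAK = {"cksums", "md5sums", "sha1sums"}
STRONG = {"sha224sums", "sha256sums", "sha384sums", "sha512sums", "b2sums"}

# Matches md5sums=(...) and arch-specific forms such as sha256sums_x86_64=(...).
ARRAY_RE = re.compile(r"^[ \t]*([a-z0-9]+sums)(_\w+)?=\(([^)]*)\)", re.M)

def audit_pkgbuild(text):
    """Classify each source entry by the strongest checksum that pins it."""
    arrays = {}  # arch suffix -> {array name -> [values]}
    for name, suffix, body in ARRAY_RE.findall(text):
        values = re.findall(r"[^\s'\"]+", body)
        arrays.setdefault(suffix, {}).setdefault(name, []).extend(values)
    report = {}
    for suffix, by_algo in arrays.items():
        statuses = []
        for i in range(max(len(v) for v in by_algo.values())):
            # SKIP means "do not verify this source with this algorithm".
            used = {a for a, v in by_algo.items() if i < len(v) and v[i] != "SKIP"}
            if used & STRONG:
                statuses.append("strong")
            elif used & WEAK:
                statuses.append("weak-only")
            else:
                statuses.append("unverified")
        report["source" + suffix] = statuses
    return report

# Constructed PKGBUILD fragment; digests are placeholders, not real values.
SAMPLE = """\
source=("https://example.org/example-1.0.tar.gz" "fix.patch" "git+https://example.org/repo.git")
md5sums=('<md5-tarball>'
         '<md5-patch>'
         'SKIP')
sha256sums=('<sha256-tarball>' 'SKIP' 'SKIP')
"""

if __name__ == "__main__":
    print(audit_pkgbuild(SAMPLE))
```

Entries reported as `weak-only` are the case the comment is about: the download is checked, but only against a hash that does not resist collisions.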