-
Karel Koci authored
This changes default behavior for security reasons. The idea is to fail if package can't be verified from repository index as there is no hash supported to use for that. This prevents issue that packages can be potentially even falsified if index contains hashes unsupported by updater or even no hash at all. New extra argument was added to Repository command `pkg_hash_required`. This is considered in default as set to `true` but it can be overwritten and set to `false` to disable new behavior. This new behavior is reported by new feature in updater language: fatal_missing_pkg_hash