Re: md5 hashes used in security announcements

To: Kees Cook <kees@outflux.net>
Cc: Raphael Geissert <atomo64+debian@gmail.com>, debian-security@lists.debian.org
Subject: Re: md5 hashes used in security announcements
From: Sjors Gielen <dazjorz@dazjorz.com>
Date: Fri, 24 Oct 2008 22:35:52 +0200
Message-id: <[🔎] 490231A8.1040404@dazjorz.com>
In-reply-to: <[🔎] 20081024203301.GN21108@outflux.net>
References: <[🔎] 4901CC1A.5040809@bircd.org> <[🔎] 874p327yy5.fsf@mid.deneb.enyo.de> <[🔎] 49021A4A.8040803@bircd.org> <[🔎] gdta74$mpc$1@ger.gmane.org> <[🔎] 20081024203301.GN21108@outflux.net>

Kees Cook wrote:
> Additionally, it doesn't matter -- it's just the md5 in the email
> announcement.  The Release and Packages files for the archive have SHA1
> and SHA256.  The md5 from the announcement is almost not important,
> IMO -- no one should download files individually from the announcement.

So if the Release and Packages files are using SHA1 and SHA256, why
aren't the announcements?

Sjors

Reply to:

Follow-Ups:
- Re: md5 hashes used in security announcements
  - From: Kees Cook <kees@outflux.net>
- Re: md5 hashes used in security announcements
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- md5 hashes used in security announcements
  - From: Bas Steendijk <beware@bircd.org>
- Re: md5 hashes used in security announcements
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: md5 hashes used in security announcements
  - From: Bas Steendijk <beware@bircd.org>
- Re: md5 hashes used in security announcements
  - From: Raphael Geissert <atomo64+debian@gmail.com>
- Re: md5 hashes used in security announcements
  - From: Kees Cook <kees@outflux.net>

Prev by Date: Re: md5 hashes used in security announcements
Next by Date: Re: md5 hashes used in security announcements
Previous by thread: Re: md5 hashes used in security announcements
Next by thread: Re: md5 hashes used in security announcements
Index(es):
- Date
- Thread