Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

To: debian-devel@lists.debian.org
Subject: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
From: Michael Gilbert <mgilbert@debian.org>
Date: Fri, 12 Oct 2012 16:52:31 -0400
Message-id: <[🔎] CANTw=MNPfrP=N+92tHmy7tSqp8WQrKpEXyNghif0NHs0zPmLHQ@mail.gmail.com>
In-reply-to: <[🔎] 1350074736.9604.22.camel@fermat.scientia.net>
References: <[🔎] 1349911198.3341.117.camel@fermat.scientia.net> <[🔎] 20121011163521.GC4151@p12n.org> <[🔎] 1349977131.3370.29.camel@fermat.scientia.net> <[🔎] CAAZ6_fAgOpwsdmmjZXm5P_UocZ0CjEsx=oHoe2gG_ryBwNcGxQ@mail.gmail.com> <[🔎] 1350073860.9604.20.camel@fermat.scientia.net> <[🔎] CANTw=MP9wqmuuey4-erR4JNNRZn1NnpKPSCbz5nT1ca4DrunLA@mail.gmail.com> <[🔎] 1350074736.9604.22.camel@fermat.scientia.net>

On Fri, Oct 12, 2012 at 4:45 PM, Christoph Anton Mitterer wrote:
> On Fri, 2012-10-12 at 16:37 -0400, Michael Gilbert wrote:
>> Which is impossible, or at least man-powerwise insurmountable.  There
>> are something like 500 million lines of code in a Debian release.
> I wasn't talking about such an impossible task,... but there speaks
> nothing against relatively easy things,... like securing all of our
> package repository infrastructure by strong algos (as we already did)...
> and trying to prevent higher level attacks, like downgrade attacks.

Do you have evidence of any of those things?  If so, please submit
bugs, and we will look at fixing them.  Otherwise, speculation gets us
nowhere and actually wastes time.

Best wishes,
Mike

Reply to:

Follow-Ups:
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

References:
- Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Peter Samuelson <peter@p12n.org>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: David Kalnischkies <kalnischkies@gmail.com>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Michael Gilbert <mgilbert@debian.org>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
Next by Date: Re: (seemingly) declinging bug report numbers
Previous by thread: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
Next by thread: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
Index(es):
- Date
- Thread