Bug#1011261: The digest algorithm in SHA512SUMS.sign is SHA256

To: Zhang Boyang <zhangboyang.id@gmail.com>, 1011261@bugs.debian.org
Subject: Bug#1011261: The digest algorithm in SHA512SUMS.sign is SHA256
From: Steve McIntyre <steve@einval.com>
Date: Sun, 22 May 2022 00:48:35 +0100
Message-id: <[🔎] 20220521234835.GV17714@tack.einval.com>
Reply-to: Steve McIntyre <steve@einval.com>, 1011261@bugs.debian.org
In-reply-to: <[🔎] c2b04daa-55cf-2c67-0ae1-4fbc48cfcbe0@gmail.com>
References: <[🔎] c2b04daa-55cf-2c67-0ae1-4fbc48cfcbe0@gmail.com> <[🔎] c2b04daa-55cf-2c67-0ae1-4fbc48cfcbe0@gmail.com>

Control: severity -1 minor

On Thu, May 19, 2022 at 12:31:28PM +0800, Zhang Boyang wrote:
>Package: debian-cd
>
>Hello,
>
>I downloaded debian iso and its SHA512SUMS file. However, when I use gpg to
>verify authenticity of SHA512SUMS, I found the signature file use SHA256 as
>its digest algorithm. Although SHA256 is pretty safe, it's seem strange that
>sign a SHA512SUMS with SHA256. I think it's better to sign SHA512SUMS with
>SHA512.

Maybe. It's not really a priority to change anything here right now,
I'll be honest...

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
There's no sensation to compare with this
Suspended animation, A state of bliss

Reply to:

References:
- Bug#1011261: The digest algorithm in SHA512SUMS.sign is SHA256
  - From: Zhang Boyang <zhangboyang.id@gmail.com>

Prev by Date: Bug#1011343: WISHLIST: Offical ALL-IN-ONE images?
Next by Date: Processed: Re: Bug#1011261: The digest algorithm in SHA512SUMS.sign is SHA256
Previous by thread: Bug#1011261: The digest algorithm in SHA512SUMS.sign is SHA256
Next by thread: Processed: Re: Bug#1011261: The digest algorithm in SHA512SUMS.sign is SHA256
Index(es):
- Date
- Thread