Re: md5sums files
On Thu, Mar 04, 2010 at 01:12:26AM +0900, Osamu Aoki wrote:
> > In this day and age of completely and utterly broken MD5, I think we
> > should stop providing these files, and maybe provide something else
> > instead. Like, I dunno, shasums? Or perhaps gpgsigs? But stop providing
> > md5sums.
> gpg is slow. sha variants will be nice if there is smooth transition in
> place properly planned and supprted with backported package of debsums.
You wouldn't sign each file, just the hash sums file.