[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5sums files

On Thu, Mar 04, 2010 at 01:12:26AM +0900, Osamu Aoki wrote:
> > In this day and age of completely and utterly broken MD5[0], I think we
> > should stop providing these files, and maybe provide something else
> > instead.  Like, I dunno, shasums? Or perhaps gpgsigs? But stop providing
> > md5sums.
> gpg is slow. sha variants will be nice if there is smooth transition in
> place properly planned and supprted with backported package of debsums.

You wouldn't sign each file, just the hash sums file.


Reply to: