[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5sums files

Philipp Kern wrote:
> On 2010-03-03, Wouter Verhelst <wouter@debian.org> wrote:
>> This is where I disagree. When a checksum algorithm is compromised (and
>> MD5 *is* compromised), things only ever get worse, not better. Indeed,
>> MD5 preimage attacks are pretty hard *today*. But switching to something
>> more secure in preparation for the day when MD5 will be easily cracked
>> by every script kiddo around is *not* overkill.
> 
> Sure, but to be honest, not even all packages managed to generate md5sums
> 'till now (with some quite core, omnipresent packages missing) so it seems out
> of scope for squeeze.  Maybe squeeze+1.

I think its about time to require to generate checksums for packages and make
all packages which do not do so RC buggy.

-- 
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprints: 06C8 C9A2 EAAD E37E 5B2C BE93 067A AD04 C93B FF79
                   ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
Reply to: