
Re: Release file changes

>> I additionally opened a bug with apt to add support for SHA512SUM, so
>> we can start using them. As soon as that is possible I intend to drop
>> SHA256 and end up with SHA1/SHA512 only.
> Unfortunately, the algorithm used for the GnuPG signatures (both in
> InRelease and Release.gpg) is SHA-1.  Removing SHA-256 in favor of
> SHA-512 does not increase security because the signatures are the
> weakest point.  See #612657 for more details.

Well, a slightly different point than reducing yourself to just 2
hashes, but yes, we should look to change that part too.

bye, Joerg
Son, when you participate in sporting events, it's not whether you win
or lose: it's how drunk you get.
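Added example, not code from this thread, from apt or from the archive tooling: it shows the two checks the exchange above is about, namely which digest algorithm an OpenPGP signature on Release.gpg or InRelease was actually made with (the hash-algorithm byte in the signature packet, which is what #612657 is concerned with), and verifying an index file against the strongest checksum list the Release file carries. The signature packets, the armored block, the Packages content and the Release text are constructed fixtures; the packet bodies are truncated after the fields this check reads, so they are not verifiable signatures, only the header bytes a real Release.gpg starts with.

```python
import base64
import hashlib

# OpenPGP hash-algorithm IDs (RFC 4880, section 9.4).
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK_DIGESTS = {"MD5", "SHA1"}


def dearmor(text):
    """Return the binary payload of an ASCII-armored block (InRelease/Release.gpg style)."""
    state, payload = 0, []            # 0: before BEGIN, 1: armor headers, 2: data
    for line in text.splitlines():
        line = line.strip()
        if state == 0:
            if line.startswith("-----BEGIN PGP"):
                state = 1
        elif state == 1:
            if line == "":            # the blank line ends the armor headers
                state = 2
        elif line.startswith("-----END PGP") or line.startswith("="):
            break                     # "=" introduces the optional CRC24 line
        else:
            payload.append(line)
    if state != 2 or not payload:
        raise ValueError("no armored data found")
    return base64.b64decode("".join(payload))


def signature_algorithms(packet):
    """Return (public-key algorithm id, hash algorithm name) of an OpenPGP signature packet."""
    tag_byte = packet[0]
    if not tag_byte & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if tag_byte & 0x40:                           # new-format header (RFC 4880 4.2.2)
        tag, first = tag_byte & 0x3F, packet[1]
        if first < 192:
            body = packet[2:]
        elif first < 224:
            body = packet[3:]
        elif first == 255:
            body = packet[6:]
        else:
            raise ValueError("partial body lengths not supported")
    else:                                         # old-format header (RFC 4880 4.2.1)
        tag, ltype = (tag_byte >> 2) & 0x0F, tag_byte & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        body = packet[1 + (1, 2, 4)[ltype]:]
    if tag != 2:
        raise ValueError(f"expected a signature packet (tag 2), got tag {tag}")
    version = body[0]
    if version == 4:      # v4: version, sig type, pubkey alg, hash alg, ...
        pubkey, hash_id = body[2], body[3]
    elif version == 3:    # v3: version, 5, sig type, time(4), key id(8), pubkey alg, hash alg
        pubkey, hash_id = body[15], body[16]
    else:
        raise ValueError(f"unsupported signature version {version}")
    return pubkey, HASH_ALGOS.get(hash_id, f"unknown({hash_id})")


def signature_is_weak(packet):
    """True when the signature was made over an MD5 or SHA-1 digest."""
    return signature_algorithms(packet)[1] in WEAK_DIGESTS


CHECKSUM_FIELDS = ("MD5Sum", "SHA1", "SHA256", "SHA512")
PREFERENCE = (("SHA512", hashlib.sha512), ("SHA256", hashlib.sha256),
              ("SHA1", hashlib.sha1), ("MD5Sum", hashlib.md5))


def parse_release_checksums(release_text):
    """Map checksum field -> {path: (hexdigest, size)} from the sections of a Release file."""
    sections, current = {}, None
    for line in release_text.splitlines():
        if line and not line[0].isspace():        # a new "Field:" line
            field = line.split(":", 1)[0]
            current = field if field in CHECKSUM_FIELDS else None
            if current:
                sections[current] = {}
        elif current and line.strip():            # " <digest> <size> <path>"
            digest, size, path = line.split()
            sections[current][path] = (digest, int(size))
    return sections


def verify_index(release_text, path, content):
    """Verify content against the strongest digest Release lists for path; return that field."""
    sections = parse_release_checksums(release_text)
    for field, hashfn in PREFERENCE:
        entry = sections.get(field, {}).get(path)
        if entry is None:
            continue
        digest, size = entry
        if len(content) != size or hashfn(content).hexdigest() != digest:
            raise ValueError(f"{path}: {field} mismatch")
        return field
    raise ValueError(f"{path}: no checksum entry in Release")


# Constructed fixtures (hypothetical, truncated packets; not real archive signatures).
SHA1_DSA_SIG = bytes([0x88, 0x0A, 0x04, 0x00, 0x11, 0x02, 0, 0, 0, 0, 0, 0])    # old header, v4, DSA, SHA1
SHA512_RSA_SIG = bytes([0xC2, 0x0A, 0x04, 0x00, 0x01, 0x0A, 0, 0, 0, 0, 0, 0])  # new header, v4, RSA, SHA512
ARMORED_SHA1_SIG = ("-----BEGIN PGP SIGNATURE-----\nVersion: constructed\n\n"
                    "iAoEABECAAAAAAAA\n-----END PGP SIGNATURE-----\n")
PACKAGES = b"Package: hello\nVersion: 2.8-1\nArchitecture: amd64\n"
PACKAGES_PATH = "main/binary-amd64/Packages"
RELEASE = ("Origin: Example\nSuite: stable\n"
           + "SHA1:\n {} {} {}\n".format(hashlib.sha1(PACKAGES).hexdigest(), len(PACKAGES), PACKAGES_PATH)
           + "SHA512:\n {} {} {}\n".format(hashlib.sha512(PACKAGES).hexdigest(), len(PACKAGES), PACKAGES_PATH))

if __name__ == "__main__":
    for name, pkt in (("binary DSA/SHA1", SHA1_DSA_SIG), ("binary RSA/SHA512", SHA512_RSA_SIG),
                      ("armored", dearmor(ARMORED_SHA1_SIG))):
        pubkey, digest = signature_algorithms(pkt)
        print(f"{name}: pubkey alg {pubkey}, digest {digest}, weak={digest in WEAK_DIGESTS}")
    print("Packages verified with", verify_index(RELEASE, PACKAGES_PATH, PACKAGES))
```

Against a real Release.gpg the same fields are what `gpg --list-packets` reports as "digest algo"; the point of the check is that a SHA-512 line in Release buys nothing if the signature over Release itself was made with digest algo 2 (SHA-1), so both the hash list and the signing digest have to move together.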
