Re: Release file changes

To: The Fungi <fungi@yuggoth.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Release file changes
From: Joerg Jaspert <joerg@debian.org>
Date: Mon, 21 Feb 2011 21:13:51 +0100
Message-id: <[🔎] 87bp25tabk.fsf@gkar.ganneff.de>
Mail-followup-to: The Fungi <fungi@yuggoth.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20110221192243.GK1293@yuggoth.org> (The Fungi's message of "Mon, 21 Feb 2011 19:22:46 +0000")
References: <877hcuy468.fsf@gkar.ganneff.de> <[🔎] 8762sdff26.fsf@mid.deneb.enyo.de> <[🔎] 20110221130502.dfb4c885.michael.s.gilbert@gmail.com> <[🔎] 20110221192243.GK1293@yuggoth.org>

> It might be worth approaching from a pragmatic perspective... why
> generate SHA-512 checksums when you're only going to be signing a
> SHA-256 digest of that list (that is unless you want to alienate
> users of OpenPGP-compliant tools which don't implement optional
> algorithms). Is it because you feel SHA-512 is more
> tamper-resistant, or because you're worried that you might wind up
> with two entries accidentally colliding over the same SHA-256 hash
> (which is pretty unlikely statistically speaking, and even then may
> not be particularly relevant depending on the use case for the
> hashes).

Care to make a point for the gpg stuff around it within bug #612657? 

-- 
bye, Joerg
<snooze02> sind jabber und icq 2 unterschiedliche netzwerke ?

Reply to:

Follow-Ups:
- Re: Release file changes
  - From: The Fungi <fungi@yuggoth.org>

References:
- Re: Release file changes
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Release file changes
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Re: Release file changes
  - From: The Fungi <fungi@yuggoth.org>

Prev by Date: Re: Release file changes
Next by Date: Re: Release file changes
Previous by thread: Re: Release file changes
Next by thread: Re: Release file changes
Index(es):
- Date
- Thread