Re: Release file changes
> It might be worth approaching from a pragmatic perspective... why
> generate SHA-512 checksums when you're only going to be signing a
> SHA-256 digest of that list (that is unless you want to alienate
> users of OpenPGP-compliant tools which don't implement optional
> algorithms). Is it because you feel SHA-512 is more
> tamper-resistant, or because you're worried that you might wind up
> with two entries accidentally colliding over the same SHA-256 hash
> (which is pretty unlikely statistically speaking, and even then may
> not be particularly relevant depending on the use case for the
> hashes).
Care to make a point for the gpg stuff around it within bug #612657?
--
bye, Joerg
<snooze02> sind jabber und icq 2 unterschiedliche netzwerke ?
Reply to: