Re: Release file changes
* Joerg Jaspert:
>>> I additionally opened a bug with apt to add support for SHA512SUM, so
>>> we can start using them. As soon as that is possible I intend to drop
>>> SHA256 and end up with SHA1/SHA512 only.
>> Please don't. I have more faith in SHA-256 than SHA-512.
> Uhh, fine - why?
I think this question is a bit rude if faith is involved, but here we
go: the number of rounds in SHA-512 is rather small, considering its
block size and internal state space, in particular in comparison with
More practically speaking, SHA-512 would add about 450 kB of
incompressible junk to the Packages file, so we probably want to stick
to SHA-256 there. But using different hashes in Release and Packages
files is just bloat.