Re: Release file changes
>>>> I additionally opened a bug with apt to add support for SHA512SUM, so
>>>> we can start using them. As soon as that is possible I intend to drop
>>>> SHA256 and end up with SHA1/SHA512 only.
>>> Please don't. I have more faith in SHA-256 than SHA-512.
>> Uhh, fine - why?
> I think this question is a bit rude if faith is involved, but here we
Not intended rude, but you asked to not do something. So I want to know
why, as I'm not of the faith... :)
> the number of rounds in SHA-512 is rather small, considering its block
> size and internal state space, in particular in comparison with
> More practically speaking, SHA-512 would add about 450 kB of
> incompressible junk to the Packages file, so we probably want to stick
> to SHA-256 there. But using different hashes in Release and Packages
> files is just bloat.
We are not (yet?) speaking about the other files, *right* now this is
about the Release file. Yes, in the future the rest has to come up too.
Though, 450k in a Packages file of nearly 7mb, bz2 compressed...
If God didn’t want us to eat in church, he would’ve made gluttony a sin.