Re: leaks in our only-signed-software fortress

To: debian-devel@lists.debian.org
Subject: Re: leaks in our only-signed-software fortress
From: "brian m. carlson" <sandals@crustytoothpaste.net>
Date: Sat, 18 Feb 2012 17:03:00 +0000
Message-id: <[🔎] 20120218170300.GC91999@crustytoothpaste.ath.cx>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 201202181148.31883.thomas@koch.ro>
References: <[🔎] 0763775752c72b696283491568e04907@scientia.net> <[🔎] 201202181148.31883.thomas@koch.ro>

On Sat, Feb 18, 2012 at 11:48:27AM +0100, Thomas Koch wrote:
> What about a debhelper script that receives an URL (or set of mirror
> URLs) and a SHA1 and does the download and check?

Please use something stronger than SHA-1.  SHA-1 has some weaknesses and
something like SHA-256 or SHA-512 should be used in new applications.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: leaks in our only-signed-software fortress
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

References:
- leaks in our only-signed-software fortress
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: leaks in our only-signed-software fortress
  - From: Thomas Koch <thomas@koch.ro>

Prev by Date: Re: Teams in changelog trailers
Next by Date: Re: leaks in our only-signed-software fortress
Previous by thread: Re: leaks in our only-signed-software fortress
Next by thread: Re: leaks in our only-signed-software fortress
Index(es):
- Date
- Thread