[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

On Fri, Aug 2, 2013 at 3:29 PM, Guillem Jover wrote:

> Adding stronger hashes support seems in general like a good idea, but
> I've never quite understood the urge to remove weaker ones in case
> these get accumulated instead of replaced, as more hashes should also
> in general imply a harder time coming up with data that will produce
> all the same hashes.

The only argument to remove them would be that they take up space in
the apt metadata.

> In any case, removing md5 support seems like a bad idea to me right
> now, as older software might not have been adapted to check the other
> hashes, or would imply breaking the current .dsc and ,changes formats,
> as the Files field uses md5.

We've had SHA1 since before snapshot.d.o data started (2005), I would
guess any relevant software would have been updated in the last 8


> It might be good to create a similar wiki page (to DebSupport) with
> the repository format support, so that we can get a better idea of the
> current status of the software around.

Agreed, created one here, minimal content though:




Reply to: