Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?
On Fri, Aug 2, 2013 at 3:29 PM, Guillem Jover wrote:
> Adding stronger hashes support seems in general like a good idea, but
> I've never quite understood the urge to remove weaker ones in case
> these get accumulated instead of replaced, as more hashes should also
> in general imply a harder time coming up with data that will produce
> all the same hashes.
The only argument to remove them would be that they take up space in
the apt metadata.
> In any case, removing md5 support seems like a bad idea to me right
> now, as older software might not have been adapted to check the other
> hashes, or would imply breaking the current .dsc and ,changes formats,
> as the Files field uses md5.
We've had SHA1 since before snapshot.d.o data started (2005), I would
guess any relevant software would have been updated in the last 8
> It might be good to create a similar wiki page (to DebSupport) with
> the repository format support, so that we can get a better idea of the
> current status of the software around.
Agreed, created one here, minimal content though: