[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

On Sat, Aug 3, 2013 at 1:34 PM, Paul Wise <pabs@debian.org> wrote:
On Sat, Aug 3, 2013 at 12:30 PM, Ian Campbell wrote:

> Did debian-devel have not this same conversation not so long ago? I'm
> getting that deja vu feeling...

Yes:

http://lists.debian.org/1349911198.3341.117.camel@fermat.scientia.net

I probably should have searched the archives before posting, sorry.

JFTR (from re-reading the dejavu :)

I think it's useless to upgrade to SHA512 (or SHA-3), but at the same time I think
we should drop MD5/SHA-1 in .changes/.dsc files (and Release.gpg).

Using MD5 for debsums is just fine - the algorithm there needs different properties
and any good checksum algorithm would do. (Even CRC-32 or Alder-32 would be
fine, I guess...)

O.
--
Ondřej Surý <ondrej@sury.org>
Reply to: