On Mon, Aug 05, 2013 at 02:15:41PM +0100, Ian Jackson wrote:
> Russ Allbery writes ("Re: Non-identical files with identical md5sums on Debian systems?"):
> > Unless you have a collection of MD5 collision attacks, or have installed a
> > package that includes a sample MD5 collision, [...]
>
> For the sake of sanity of our (still) MD5-based tools, I hope that
> no-one uploads into our archive a package with an example MD5
> collision. (Unless the colliding files are wrapped up somehow, to
> protect our infrastructure from any untoward behaviour.)
What in our infrastructure would break on an MD5 collision anyway? The closest
thing I could think of is dedup.debian.net, but that appears to use SHA512.
--
Kind regards,
Loong Jin
Attachment:
signature.asc
Description: Digital signature