Bug#155676: patch] dynamic sha1sums generation
On Tue, Aug 06, 2002 at 01:04:23AM -0400, Colin Walters wrote:
> I chose SHA1 over using MD5 because I've heard word going around that
> while MD5 isn't insecure, it is less secure than previously thought.
> Specifically that if you can control the size of the file as well, it's
> easier to find a matching MD5 sum.
AIUI, that's usually avoided by listing the file size as well as the
md5sum. At the very least listing the expected file size gives you a
very easy check for a lot of accidental corruption.
> Plus, using
> /var/lib/dpkg/info/foo.sha1sums avoids a naming conflict with the
> foo.md5sums file.
Wouldn't it be more sensible to put it in
Anthony Towns <firstname.lastname@example.org> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
``If you don't do it now, you'll be one year older when you do.''