Bug#155676: [patch] dynamic sha1sums generation
On Tue, Aug 06, 2002 at 01:04:23AM -0400, Colin Walters wrote:
> I chose SHA1 over using MD5 because I've heard word going around that
> while MD5 isn't insecure, it is less secure than previously thought.
> Specifically that if you can control the size of the file as well, it's
> easier to find a matching MD5 sum.
AIUI, that's usually avoided by listing the file size as well as the
md5sum. At the very least listing the expected file size gives you a
very easy check for a lot of accidental corruption.
> Plus, using
> /var/lib/dpkg/info/foo.sha1sums avoids a naming conflict with the
> foo.md5sums file.
Wouldn't it be more sensible to put it in
/var/lib/dpkg/checksums/foo.sha1
or similar?
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
``If you don't do it now, you'll be one year older when you do.''
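
The size-plus-checksum check suggested in the reply above, sketched as an added example; it is not code from this thread, from the patch, or from dpkg. The manifest format (`<sha1-hex>  <size>  <path>`), the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def parse_manifest(text):
    """Parse '<sha1-hex>  <size>  <path>' lines (assumed format, not dpkg's)."""
    rows = (line.split(None, 2) for line in text.splitlines() if line.strip())
    return [(path, int(size), digest.lower()) for digest, size, path in rows]

def sha1_file(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(root, manifest_text):
    """Return {path: status}; the size is compared first because it only needs a stat()."""
    results = {}
    for rel, size, digest in parse_manifest(manifest_text):
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results[rel] = "missing"
        elif os.path.getsize(full) != size:
            results[rel] = "size-mismatch"    # caught without reading the file
        elif sha1_file(full) != digest:
            results[rel] = "digest-mismatch"  # same length, different content
        else:
            results[rel] = "ok"
    return results

def _put(root, rel, data):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)

def demo():
    # Constructed sample tree: record a manifest, then damage two of three files.
    files = {"usr/bin/foo": b"#!/bin/sh\necho hello\n",
             "etc/foo.conf": b"mode=1\n",
             "usr/share/doc/foo/README": b"docs\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            _put(root, rel, data)
        manifest = "\n".join(f"{hashlib.sha1(d).hexdigest()}  {len(d)}  {r}"
                             for r, d in files.items())
        _put(root, "usr/bin/foo", b"#!/bin")      # truncated copy
        _put(root, "etc/foo.conf", b"mode=2\n")   # changed, length unchanged
        return verify(root, manifest)
```

The truncated file is rejected on size alone, while the same-length change is only caught by the digest, which is why the two fields complement each other.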