[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5 hashes used in security announcements

On Fri, Oct 24, 2008 at 10:35:52PM +0200, Sjors Gielen wrote:
> Kees Cook wrote:
> > Additionally, it doesn't matter -- it's just the md5 in the email
> > announcement.  The Release and Packages files for the archive have SHA1
> > and SHA256.  The md5 from the announcement is almost not important,
> > IMO -- no one should download files individually from the announcement.
> 
> So if the Release and Packages files are using SHA1 and SHA256, why
> aren't the announcements?

That's up to the people that control the template, but I would assume
because the template is based off of the changes files which until very
recently, only had md5s.  And besides, why make the announcement emails
even longer?  :)

-- 
Kees Cook                                            @outflux.net
Reply to: