tech-pkg: Reading the netbsd quarterly report

Subject: Reading the netbsd quarterly report
To: None <tech-pkg@netbsd.org>
From: Marc Espie <espie@nerim.net>
List: tech-pkg
Date: 04/10/2005 13:59:02

Warning, Troll ahead.

I read:

> Following the discovery of weaknesses in the SHA1 algorithm Alistair
> Crooks demonstrated once more the proactive approach NetBSD takes
> towards security and committed modifications to pkgsrc to allow
> multiple digests to check the distfiles as downloaded from the
> internet for integrity. See
> http://mail-index.NetBSD.org/tech-pkg/2005/02/16/0008.html for
> details.

Well, I'll take the paranoid approach of OpenBSD over the `proactive
approach of NetBSD any day. We've had this for over 6 years:

revision 1.75
date: 1999/03/03 18:18:46;  author: espie;  state: Exp;  lines: +76 -28
Replace md5 checksum with a choice of sha1, rmd160, md5.
Upward compatible. 

Sorry guys, there's stuff you probably shouldn't brag too much about...