Re: Add SHA512 digests to package metadata

To: Alistair Crooks <agc%pkgsrc.org@localhost>
Subject: Re: Add SHA512 digests to package metadata
From: Joerg Sonnenberger <joerg%britannica.bec.de@localhost>
Date: Mon, 19 Oct 2015 22:13:31 +0200

On Mon, Oct 19, 2015 at 12:14:09PM -0700, Alistair Crooks wrote:
> As I said, I'd like for us to stop relying on MD5 sums as a priority.

I don't see why we have to change something here immediately and can't
do it properly in one step. The MD5 sums are a poor man's IDS at best,
if someone can change the files on disk or in the package, you have
already far bigger problems. The only point to "we must change now" is a
checkbox on a bad auditor's list.

Joerg

Follow-Ups:
- Re: Add SHA512 digests to package metadata
  - From: Alistair Crooks

References:
- Add SHA512 digests to package metadata
  - From: Alistair Crooks
- Re: Add SHA512 digests to package metadata
  - From: Joerg Sonnenberger
- Re: Add SHA512 digests to package metadata
  - From: Alistair Crooks

Prev by Date: Re: Add SHA512 digests to package metadata
Next by Date: Re: Add SHA512 digests to package metadata
Previous by Thread: Re: Add SHA512 digests to package metadata
Next by Thread: Re: Add SHA512 digests to package metadata
Indexes:

Home | Main Index | Thread Index | Old Index