tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Add SHA512 digests to package metadata

My way of working is to make a number of small changes, and lots of
them. This usually prevents big bang scenarios. You obviously prefer
to make fewer, but more far-reaching changes.

I'm not saying that one approach is better than the other, but I also
think that trying to make your approach work for me is going to be
counter-productive, much as if I were to try to encourage my way of
working onto you.

On 19 October 2015 at 13:13, Joerg Sonnenberger <> wrote:
> On Mon, Oct 19, 2015 at 12:14:09PM -0700, Alistair Crooks wrote:
>> As I said, I'd like for us to stop relying on MD5 sums as a priority.
> I don't see why we have to change something here immediately and can't
> do it properly in one step. The MD5 sums are a poor man's IDS at best,
> if someone can change the files on disk or in the package, you have
> already far bigger problems. The only point to "we must change now" is a
> checkbox on a bad auditor's list.
> Joerg

Home | Main Index | Thread Index | Old Index