Re: Add SHA512 digests to package metadata

To: Alistair Crooks <agc%pkgsrc.org@localhost>, tech-pkg%pkgsrc.org@localhost
Subject: Re: Add SHA512 digests to package metadata
From: Alistair Crooks <agc%pkgsrc.org@localhost>
Date: Mon, 19 Oct 2015 13:27:58 -0700

My way of working is to make a number of small changes, and lots of
them. This usually prevents big bang scenarios. You obviously prefer
to make fewer, but more far-reaching changes.

I'm not saying that one approach is better than the other, but I also
think that trying to make your approach work for me is going to be
counter-productive, much as if I were to try to encourage my way of
working onto you.

On 19 October 2015 at 13:13, Joerg Sonnenberger <joerg%britannica.bec.de@localhost> wrote:
> On Mon, Oct 19, 2015 at 12:14:09PM -0700, Alistair Crooks wrote:
>> As I said, I'd like for us to stop relying on MD5 sums as a priority.
>
> I don't see why we have to change something here immediately and can't
> do it properly in one step. The MD5 sums are a poor man's IDS at best,
> if someone can change the files on disk or in the package, you have
> already far bigger problems. The only point to "we must change now" is a
> checkbox on a bad auditor's list.
>
> Joerg
>

Follow-Ups:
- Re: Add SHA512 digests to package metadata
  - From: Joerg Sonnenberger

References:
- Add SHA512 digests to package metadata
  - From: Alistair Crooks
- Re: Add SHA512 digests to package metadata
  - From: Joerg Sonnenberger
- Re: Add SHA512 digests to package metadata
  - From: Alistair Crooks
- Re: Add SHA512 digests to package metadata
  - From: Joerg Sonnenberger

Prev by Date: Re: Add SHA512 digests to package metadata
Next by Date: Re: Add SHA512 digests to package metadata
Previous by Thread: Re: Add SHA512 digests to package metadata
Next by Thread: Re: Add SHA512 digests to package metadata
Indexes:

Home | Main Index | Thread Index | Old Index